Saturday, September 15, 2007

gone phishing (or, my first scam)

Probably everyone else in the world has had the experience of receiving a seemingly-legitimate email that is, in fact, an attempt to get you to reveal your bank account or credit card information, enabling the sender to empty your account or max out your card. But I'd never gotten one before, so I was kind of fascinated when I recently received the following two emails, sent on successive days. I've changed the bank's name to XYZ Bank and left out the link and the date, but otherwise, the text below is identical to the two emails I received:

Unauthorized Activity

Dear XYZ Bank client,

You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.

The help speeed up to this process, please access the following link so we can complete the verification of your XYZ Bank Online Banking Account registration information.

If we do no receive the appropriate account verification within 48 hours, then we will assume this XYZ Bank account is fraudulent and will be suspended.

The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your prompt attention to this matter.

***Important Notice From XYZ Bank****

XYZ Bank Security Center

We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.

If this is not completed by September XX, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

To confirm your Online Banking records click on the following link:

Thank you for your patience in this matter.

XYZ Bank Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

There are a few easy-to-overlook errors that suggest English is not the writer's first language, but on the whole, the emails seem like they could, just possibly, be authentic.* For a few seconds, I was completely fooled. I wondered if the problem might have been caused by the fact that I sometimes log in from work or that I use several different laptops or that I frequently forget my password. I started worrying that someone had managed to withdraw money from my account and that this month's online payments hadn't gone through. I told myself that it wouldn't be fair for the bank to charge me overdraft fees if any of my checks had bounced.

I was about to click on the link, when I remembered something that made me decide it probably wasn't necessary. I don't have an account at XYZ bank.

*Of course, no bank would send an email requesting account information, but that didn't occur to me at the time.


Monica said...

I've received these kinds of e-mails before. I actually had my bank acct. info. stolen. A man somehow got possession of my account number and ordered checks (Nature scenes... like those kinds of checks that are advertised in the newspaper fliers). I checked my balance and noticed about a thousand dollars missing. Sure enough in one day he had written checks for over three hundred dollars at three places. It only took about three days for the bank to put the money back, but it was an inconvenience. I still have the bogus checks.

Magpie said...

Oh lord. I get them all the time. Mostly at work where I get a shocking amount of spam, or did until we put in a draconian spam blocker.

meg said...

That's really pretty scary. I would probably think it was legit at first too.

I never use online banking (I know it's good, but I couldn't use it with a mac when they started, so I just stuck to telephone banking). Though I suppose there is a scam for that too?

slouching mom said...

I definitely would have been fooled. I am really very naive.

Eva said...

To me the grammar, syntax, word choice, and typing errors were so obvious (but then I'm an English teacher so I'm always on the look-out) that, even if I didn't know about these emails, and didn't know that banks don't send emails like them, I wouldn't have been fooled. Glad they didn't get you!

Aurelia said...

I've gotten a few of these, some from crooks who WERE trying to get my credit card number and a few from legitimate companies that were trying to tell me that my subscription to their service was expiring.

Of course, they didn't realize that they should've put no links and told me to call them or go to the main website to renew. I'm thinking that sooner or later email will simply no longer exist as a form of communication because it has been so completely corrupted by spam and phishing.

Which is a shame considering how much it has revolutionized my life.

mcewen said...

Newbie visiting from Slouching Mum [loved your comment there on her piece]

I have been buried in these kinds of emails lately, but I'm wiser than I once was.

Probably a year ago now, I had an email that exactly matched the Amazon site in every respect. I very nearly fell for it and I was incensed afterwards.

The latest slew of banking / fraudulent use messages are driving me barmy too.
Best wishes

Anonymous said...

I hate spam.

Glad this one didn't catch you.

LeRoy Dissing said...

I got one at work a bout four years ago wanting my paypal information. It looked legit and since I had never seen one before, I answered it. The next day I got a call from my bank asking if anyone I knew was in Eastern Europe because they had withdrawn $500 out of my account from an ATM. I told them "NO" and the bank froze my account. I had to get new account numbers but the bank did put $500 back into my account. I had to fill out a federal complaint form so our government could work with the foreign government to try to apprehend who did this. I never heard anything back and I doubt they ever got the people responsible. It was a big scam that is obviously still going on like the letters from someone in Africa in dire need and wanting you to transfer funds into their account. I get lots of those!

I did send the website and complaint to Paypal as well so they were aware what had happened. No one from there contacted me either that I recall.

It was a lesson learned and I haven't had anything happen since -

Angel Mom said...

Yep, I get those all the time. So annoying. I'd like to know how you've been able to avoid them until now!

painted maypole said...

i get these all the time, too. and the ones "from Ebay", telling me I am a platinum seller. Um.. I only ever use ebay to BUY things. I know someone who lost her ATM card, and then someone called her telling her they were the bank and someone had returned the card, but they needed her to give them her PIN number so they could verify it was really her card, only give the number to them backwards, in case anyone was listening. AND SHE DID!!! No, not the brightest lamp in the room, that girl. As you can imagine she lost a bit of money on that deal.

Lori said...

I am married to the world's most cautious man who is completely attuned to any and all weird/fishy/creepy/scam-like things in the world, so I have learned to be very, very careful. If I ever wonder about anything I just ask him.

He's paranoid- but I love him! :)

thirtysomething said...

Geez. Internet scams are the worst, glad you caught on and did not reveal any info.

Beruriah said...

Funny, somehow it has never occurred to me ever to believe these scams. I probably received my first one 8 or 9 years ago. Don't remember. I get them constantly - my spam fills to the thousands monthly - but that's to my university account where I'm on lots of lists that are easily compromised. Before the spam box, I used to get especially offended by those that called upon "our shared belief in G-d."

I received an impressive one mimicking Amazon just moments before checking your blog.

niobe said...

Trying to think why I've never gotten one before....

At work, we're protected by a ruthless firewall that sometimes keeps out even legitimate email, so I'm not surprised that I haven't seen any scam emails there.

I guess I never used a personal email account very much until I started blogging, so that might account for it. Luckily, in this case, I couldn't have sent them any useful account information even if I had wanted to.

Jennifer said...


Furrow said...

What Aurelia said about email likely becoming obsolete as a tool for business communication could very well be true. I get at least 5 of these per day.

On the other hand, if businesses do continue to use email, they will have to be more careful than ever about grammar, syntax, and the like. It gives unemployed English majors hope for the future.

M said...

I remember the first time I got one of these I had to look twice at it as well.... I've also had one from ebay but did report it to them.

Amelie said...

That was a good reason, not having a bank account with XYZ. I rarely click links that come via email, and just in case my email reader also warns me whenever there is a difference betweeen the real address and whatever it pretends to be.

AJW5403 said...

I have gotten these e-mails before. I always wonder who in the world actually gives them their info. The best one I have been getting lately is that there is money in an S. Afican bank and if I give them my checking account number and let them transfer the money there I can half of the money.