Friday 8 March 2013

Tidal wave of phishing scams floods US and Europe

Scammers bid for $1M multibank haul, launch new "prizewinners" con
 
A huge new wave of bank-related phishing scams is sweeping through North America and Europe, claiming thousands of victims.
Mostly, the scams are the familiar sort where victims get an email or phone message, with a link to a bogus website where they're asked to provide personal financial details.
What is unusual is the scale of the outbreak, with scores of local communities being targeted, all within the past couple of weeks. It's not known if the individual attacks are connected with each other.
In one case, scammers are trying a new multi-bank approach that experts fear could lead to a massive haul of stolen identities and financial losses of over $1M.
We also have news of two new prizewinner-type cons, a scam to trick people into paying for making benefits claims, and the story of the hoaxer who claimed he was Frank Sinatra's grandson!

1. Phishing scam #1: "Casino Rewards" could rake in $1m 
The scam: A new bogus email offering a £100,000-limit credit card and a whole range of potential prizes could become the world's first million dollar phishing scam, say Internet security experts.
Unlike earlier phishing emails that claim to be from a specific bank or card company, the new one, pretending to be on behalf of a "Casino Rewards" program, carries a drop-down list of financial institutions.
It's a colorful email, illustrated with images of Vegas hotels, and claims "Casino Rewards" is being run jointly by Visa, MasterCard and Amex. Victims are invited to select their existing credit card company from the drop-down list of 12 card providers.
A link takes them to a phony page that looks like their genuine card company website, where they're asked to key in their username and password.
Since a normal single-card phishing operation usually nets about £100,000, this multibank approach could bring in more than a million, say Internet intelligence experts Envisional.
The solution: Despite all previous warnings, people still fall for this well-known con. In this case, says Envisional, victims are especially comforted to see the familiar 'big three' credit card symbols. And because these organizations operate internationally, victims are being targeted across the world.
There is only one sure way to avoid this fraud: Never click on an email link for any financial organization. If the offer interests you, find the bank's real website address and go there independently. And of course, as we always say, "if it's spam, it's a scam."

2. Phishing scams #2: UK attacks leap 180%

The scams: APACS, the UK trade association for banks and others involved in money transfers, announces that emails that phish for people's personal financial details jumped by 180% in the first six months of this year.
In the same period last year, there were 7,200 different attacks. This year, the number was 20,600. The news comes at a time when the number of people using online banking in the country rocketed by 500%. So APACS fears the number of phishing scams will continue to rise.
The solution: In addition to the advice in the previous item, APACS also points out that phishers often don't know their victims' names, so their emails often begin with a giveaway like "Dear valued customer."

3. Phishing scams #3: Phone messages target US communities

The scam: In multiple US locations, victims receive a computer-generated voice message, on both cell and home phones, seemingly from a local bank.
The call tells victims their debit card or bank account has been suspended or some other action is needed, and to phone a toll free 800 number, where personal financial information is requested.
Using genuine bank names, calls go out to thousands of people, including in Bedford, IN (Stone City Bank), New London, CT (Charter Oak Federal Credit Union), and Wisconsin Rapids, WI (Bull's Eye Credit Union), and to many other locations (using nationwide names like Citibank Online and Wells Fargo Online).
Solution: The scale of this current outbreak is alarming. Banks just do not communicate with customers on such critical issues in this way. Even if they did, they wouldn't use recorded messages. It would be a personal call.
Anyone who receives a call like this should call the bank on their regular phonebook number. If you're already a victim, contact your bank immediately.

4. Phishing scam #4: State department name used in tax con

The scam: We wrote last week about a new tax scam outbreak where phishing emails claim to be from the IRS. Well, just to add to our warning -- similar emails appeared this past week, purporting to be from a state's Department of Taxation.
The Hawaii Department of Taxation reports several cases where emails claiming to be from the department tell victims they're entitled to a refund. It asks for debit card information so the refund can supposedly be deposited directly to the recipient's bank account.
The solution: The only place where, for tax purposes, you may provide bank details (at your discretion) is on your annual tax return. Neither the IRS nor individual taxation departments seek this information via email.

5. Don't pay for benefits claim

The scam: Websites offer to help with unemployment insurance claims for Missourians who've lost their jobs and are eligible for benefits for 26 weeks. Some sites offer the service for a fee, when the state of Missouri actually processes claims for free. Others ask for personal financial details, which suggests a phishing attempt.
The solution: Most state and federal benefit services do not require fees. In all cases, always deal directly with the relevant department. If anyone does offer to provide a service that supposedly speeds up the process or makes it easier, check out their credentials with the state department concerned.

6. Prizewinner scam #1: "Shoppers Sweepstakes" letter

The scam: Williamson County, IL, residents receive a letter saying they've won $250,000 in the "Shoppers Sweepstakes" but it's the well-known Nigerian lottery scam.
The scammers send a check to "winners" for $3,000 as an initial payment, asking them to forward part of this as a money order to cover processing of the win. The check is a dud but this is not usually discovered until after the victim sends the money order payment.
The solution: Legitimate competition organizers don't charge winners for prizes. Never send money to collect a prize. It's always a scam.

7. Prizewinner scam #2: Don't shell out your bank details

The scam: SMS text messages flood cell phones in Petaling Jaya, Malaysia. They tell owners they've won a competition run by Shell Malaysia, and to transmit their bank account number to the sender. The competition is genuine but the award notification is not.
The solution: This scam relies on the fact that most people in a relatively small community entered the competition when they gassed up their cars, so they weren't too suspicious about the notification. However, the request for bank account details should have set alarm bells ringing. Never give out such details.

8. He did it his way -- and look what happened

The scam: Claiming to be the grandson of Frank Sinatra, a con artist hangs out around expensive hotels in the Austin, TX, area. Smartly dressed, he carefully selects victims, strikes up a conversation to win their confidence and then borrows money from them. Not just small amounts either -- in one case a victim parted with $300,000.
The solution: The golden rule for all confidence tricks is to never accept somebody's identity or even what they say their job is, just at face value. And don't accept anything they give or show you as proof.
In this case, the scammer, who also tried his con in Florida and Vegas, is said to have borne some resemblance to ol' blue eyes. But when it came to earning money, he certainly didn't do it Frank's way!
That's it for our scam headlines roundup this week. Watch out for those phishing bids which, like all the scams we report on here each week, could be headed your way next. And when you see the next Sinatra look-alike, best to keep your hands on your wallet!

Action FRAUD - Report Fraud and Internet Crime
0300 123 2040
www.actionfraud.police.uk



Tuesday 5 March 2013

Beware of British Airways e-ticket malware / Scam eMails

This article was written in response to messages from our readers. If you suspect a scam please let us know the details. We will investigate and warn others. 

If you receive an eMail which contains an attached .ZIP file - DO NOT OPEN IT
If you receive an eMail inviting you to click on an XYZ "weird looking" http://www. link - DO NOT CLICK on it.
 
Cybercriminals are spamming inboxes with malware claiming to be an e-ticket from British Airways

 
Fraudsters have cloned a real British Airways email and attached a ZIP file containing the supposed ticket. Security firm Sophos has identified its contents as malware.

The email header has also been forged to make it appear as though the emails originated at BA.e-ticket@email.ba.com.

The email subject and attachment look like this:

Subject: BA e-ticket receipt
Attached file: BritishAirways-eticket.zip

If you have recently booked a flight with British Airways you might be tempted to open the attachment. If you receive one of these emails, do not open the ZIP file; delete it, or you run the risk of your computer being infected.

 “Even if you weren't planning to fly with British Airways soon, you might still open the attachment and view its contents out of curiosity. And that's precisely what the cybercriminals are relying upon to infect as many PCs as possible”

To report a fraud, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Be aware of eMails with these subjects:

Facebook page "Violation of Terms"
BT Yahoo "Final warning"
Your eTicket has arrived
Your parcel 
Your credit card has been debited
Booking confirmation
Please reset your Online banking access
Royal Mail
MINISTRY OF JUSTICE SCAM
AMAZON SCAM
"The public need to be aware of yet another Amazon scam in circulation. It is a voucher that advertises a £10 voucher for Amazon. However, once you sign up to the voucher and give your personal details to the company £29 will be debited from your account each month and will be described as an administration fee."
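A mail-triage check for the indicators in this post, added here as an example (it is not code from Sophos, British Airways or Action Fraud): it flags the subject lines listed above and any ZIP attachment. The Return-Path comparison, the `mailer.example` address and the function names are assumptions made for illustration, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subject lures copied from this post, lower-cased for matching.
LURES = ("ba e-ticket receipt", "violation of terms", "final warning",
         "your eticket has arrived", "your parcel", "booking confirmation",
         "your credit card has been debited", "royal mail",
         "please reset your online banking access")
ZIP_TYPES = ("application/zip", "application/x-zip-compressed")

def _domain(header_value):
    """Domain part of the address in a header value, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> list:
    """Return the reasons a message should be quarantined (empty = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).lower()
    hit = next((lure for lure in LURES if lure in subject), None)
    if hit:
        reasons.append("subject lure: " + hit)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            reasons.append("zip attachment: " + name)
    # Assumption: the forged From domain differs from the envelope sender.
    # Legitimate bulk mail can differ too, so this is a weak signal only.
    frm, rp = _domain(msg.get("From")), _domain(msg.get("Return-Path"))
    if frm and rp and not (frm == rp or frm.endswith("." + rp)
                           or rp.endswith("." + frm)):
        reasons.append("From %s vs Return-Path %s" % (frm, rp))
    return reasons

def build_sample() -> bytes:
    """Constructed message shaped like the one described in the post."""
    m = EmailMessage()
    m["From"] = "British Airways <BA.e-ticket@email.ba.com>"
    m["Return-Path"] = "<bounce@mailer.example>"  # hypothetical sender
    m["Subject"] = "BA e-ticket receipt"
    m.set_content("Your e-ticket is attached.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="zip", filename="BritishAirways-eticket.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample()):
        print(reason)
```

A message that trips any one of these checks is a candidate for quarantine and a closer look, not proof of malware.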
      
Please report any suspicious eMail! Post it on the Blog so other readers will be aware!