Fraudsters Aim to Capitalize on Financial Crisis
Scammers seeking to “phish” for sensitive data—that is, pose as a trusted institution in order to elicit personal account numbers, passwords and Social Security numbers from unsuspecting victims—often assume the guise of relief organizations and government agencies responding to catastrophe. It happened after 9/11. It happened after Hurricanes Katrina and Ike.
Now, in the midst of the financial crisis, it’s happening once again.
Swindlers are taking advantage of confusion over Wall Street mergers by posing as representatives of affected financial institutions and asking consumers to “update,” “validate” or “confirm” account information,” the Federal Trade Commission (FTC) has warned.
An e-mail currently making the rounds is linked to the recent acquisition of Wachovia. Bank customers are advised to install a special security certificate to enable (note the irony here) fraud monitoring to protect their account. Yet Arbor Networks’ Jose Nazario points out the download actually installs malware instead.
It is all too easy to fall for one of these scams as phishers have become very adept at making their fraudulent e-mails and Web sites look like the real thing. The Federal Deposit Insurance Corp (FDIC) recently warned of another malicious e-mail telling recipients to open and review an attached account statement.
Beware also of “very targeted techniques” through which scammers address potential victims by name and even include personal details that could lead a reasonable person to believe that the contact is authentic, writes Washington Post computer security blogger Brian Krebs.
Krebs warns of a recent phish purporting to come from Citibank (as noted by Phishtank.com, a community-based effort to verify and track phishing Web sites). The e-mail offers customers the option of moving their account to servers abroad. “This will prevent any financial loss from your account in case the U.S. financial system collapses,” the message claims. Although the e-mail asserts that the customer “won’t feel any negative impact of account movement,” well…no need to elaborate.
Avoid becoming a victim
- Don’t click on links even if they appear to come from your financial institution. Instead, navigate to your bank’s Web site or contact the bank directly using the phone number shown on your financial statements. That way, you can verify whether there truly is a need to provide them with personal or account information.
- Keep a close eye on your financial statements, note any discrepancies, and bring any concerns immediately to the bank’s attention.
Don’t let a dire financial situation catch you off-guard. Always make sure the organizations with whom you’re dealing are indeed legitimate. A little bit precaution can save you a lot of headaches in the long run.