I must admit that I get very tired of opening my email accounts only to see spam email after spam email, designed to sell me something I don’t want and that I have absolutely no interest in. While these emails are not harmless given that sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers, it’s the phishing emails that cause me the most frustration.
It seems that more and more often, these days, I get phishing emails in my inboxes all designed to trick me into revealing financial information that can be used to steal my money. This morning was no exception when I received a Bank of America Alert requesting that I update my account information.
If you’re unfamiliar with phishing, it is defined as the act of tricking unsuspecting Internet users into revealing sensitive or private information. Its success relies on the principle that asking a large number of people for this information will always deceive at least some of them. So phishing is considered an opportunistic attack, rather than the targeting of a specific person.
In a phishing attack, the attacker creates a set of circumstances where the potential victims are convinced that they are dealing with an authorized party; in this case, the Bank of America. What makes this particular type of scam so potent is that the average person, on receiving an email from an authoritative source, generally lowers their defenses.
According to this email, my online banking privileges with Bank of America have been blocked due to security concerns. This looks like an official email to me and the enclosed link makes it simple to get this problem solved with just a mouse click. What could be easier than that?
Clicking on the link would have redirected me to a spoof page, comparable to the original site, and I would then have begun the process whereby the scammers would have stripped me of all the confidential information I was willing to provide.
My financial and personal details, had I entered them, would then have been harvested by the cyber-crooks behind this fraudulent scheme, who would then have used this information to commit identity and financial theft.
The reality is, of course, that your bank or any other legitimate financial organization will on no account ask you to divulge account information or passwords via email. Credit card numbers, ATM PIN numbers and additional financial information would never be required to enable you to find out the current status of your account.
These types of attacks against financial institutions and consumers are occurring with such frequency that the IC³ (Internet Crime Complaint Center) has called the situation “alarming”, so you need to be extremely vigilant.
Be kind to your friends, relatives, and associates and let them know that these types of scams are now epidemic on the Internet. Doing so raises the level of protection for all of us.
Minimum safety precautions you should take:
- Consider every email, telephone call, or text message requesting confirmation of your personal and financial information as a scam.
- When contacting your bank, use a telephone number from your statement, a telephone book, or another independent source.
- Don’t open emails that come from untrusted sources.
- Don’t run files that you receive via email without making sure of their origin.
- Don’t click links in emails. If they come from a known source, type them into the browser’s address bar. If they come from an untrusted source, simply ignore them, as they could take you to a website designed to download malware onto your computer.
- Never click on embedded cell phone links.
- Keep your computer protected. Install a security solution and keep it up-to-date.