Monday, July 7, 2008
HOW YOUR IDENTITY IS STOLEN
Every week, I get notices from banks telling me that I need to update my personal account information. But, every week, these notices come from banks that I don't have accounts with. I'm sure one of these days, HSBC will get around to sending me a reminder to send them my PIN number, Mother's maiden name, Social Security number, address, checking account number and other vital information.
Actually, that will NEVER happen, because banks don't send out emails asking you to send sensitive information about yourself to them. This is a scam. Unfortunately, unsuspecting people are being duped day in and day out and because of this, these scams flourish.
Here's how it works. You get an email from what you think is a bank. This last week, my notices came from Bank of America and Wells Fargo. I do not bank at either, but if they send out enough of these, they'll eventually reach someone who does have an account there. That's when they get you. They ask you to go to THEIR website and fill out a form with all of your personal information....and I mean ALL of your personal information. The site looks legit, but it's not. It's a shadow site that looks real, complete with real links to other departments at the banks.
The banks are well aware of these scams. Here's what I found at Wells Fargo's website:
Wells Fargo will never request that customers send personal information to us via email or pop-up windows. You should consider as fraudulent any request not initiated by you that you receive through emails, websites, or pop-up windows asking you for your Wells Fargo information. Report it immediately without replying to the email.
Fraudulent emails (phishing)
Phishing is usually a two-part scam involving email and spoof websites. Fraudsters, also known as phishers, send email to a wide audience that appears to come from a reputable company. This is known as a phish email.
In the phish email, there are links to spoof websites that spoof or imitate a reputable company’s website. Fraudsters hope to convince victims to give up their personal information by using clever and compelling language, such as an urgent need for you to update your information immediately or a need to communicate with you for your own safety or security.
Once obtained, personal information can be used to steal money or transfer stolen money into another account.
How fraudsters obtain email addresses
Fraudsters obtain email addresses from many places on the internet. They also purchase email lists and sometimes guess email addresses. Fraudsters generally have no idea if people to whom they send bank-related phish emails to are actual bank customers. They hope a percentage of those phish emails will be received by actual bank customers.
If you receive a fraudulent email that appears to come from Wells Fargo, this does not mean that your email address, name, or any other information has been taken from Wells Fargo’s systems.
Once you fill out that form, kiss your life goodbye. They've now got enough information to not only withdraw money from your checking and credit card accounts, but they can steal your identity. In other words, they take a picture of themselves and use all of YOUR information to create new I.D's and essentially become you. Below are a few examples of what the emails look like and the sort of information they try to get from you.
If you ever suspect a scam, check with the very reliable myth and fraud debunking site, www.snopes.com. Simply type in a key word and it'll search the database for that particular scam.
Dear Customer,
Our Technical Service Department has recently updated our online banking services, and due to this upgrade, we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm the online banking details will suspend you from accessing your online banking account.
https://www.wellsfargo.com/login/update.html
We use the latest security measures to ensure that your online banking is safe and secure. The Administration asks you to accept our apologies for the inconveniences caused and express gratitude for cooperation.
Thank You.
Wells Fargo Investments, LLC
Online Banking Security Department
Restore Your account has been Blocked
--------------------------------------------------------------------------------
Dear Valued Customer :
We recently have determined that different computers have logged in your Bank of America Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.
If this is not completed by June 11, 2008, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you.
To restore your account, please Sign in to Online Banking.
thank you for using Bank Of America Online Service.
Please complete all of the information
USER INFORMATION
Online ID : (5-20 digits)
Bank of America ATM or Check Card PIN : (4-12 digits)
Passcode : (numbers and/or letters, case-sensitive)
Social Security Number :
Account Number :
Routing Number :
Last Eight Digits of ATM or Checkcard Number :
E-mail Address :
BILLING ADDRESS
Card holder name :
Address1 :
Address2 :
City :
State :
Zip :
Country : U S A
Phone Number :
ACCOUNT INFORMATION
Credit/ debit card number :
Exp date : 01 02 03 04 05 06 07 08 09 10 11 12 / 2008 2009 2010 2011 2012 2013 2014 2015 2016
Code verification number : (it is the last 3 or 4 digits AFTER the credit card number in the signature area of the card )
Mother Maiden Name :
Mother Middles Name :
Father Maiden Name :
Father Middles Name :
Date of Birth :
Please login to your BankFinancial Online Login
and visit the Message Center section in order to read the message.
To Login, please click the link below:
BankFinancial Online Banking
Copyright ©2008 BankFinancial | Member FDIC
Subscribe to:
Post Comments (Atom)
If people were more aware about ICONIX Anti-Phishing Plug in, I'm sure people would be more aware of phishing and fraud.
ReplyDelete