posted
Just the other day I got a second email from some Bank of the West:
quote:Dear BankoftheWest.com customer,
We recently have determined that different computers have logged onto your Online Banking Bank of the West account, and multiple passwords failures were present before the logins.
We now need you to re-confirm your account information to us. If this is not completed within 24 hours, we will be forced to suspend your account Indefinitely, as it may have been used for fraudulent purposes.
We thank you for your cooperation in this manner .
Click below to confirm and verify your Online Banking Account: [link removed] Note: If you choose to ignore our request, you leave us no choice but to temporary suspend your account.
Best Regards, Bank of the West Security and Anti-Fraudulent Department.
I Googled Bank of the West just because I was curious and I guess it is a real bank. Too bad I am not a customer. I haven't ever heard of them. I did not click the link provided but I am wondering if anyone here that also has a Gmail account has gotten an email like this.
*sniff sniff* Smells like a scam to me.
Posts: 2064 | Registered: Dec 2003
| IP: Logged |
posted
btw, Bank of the West is the name of an actual bank. I'm assuming that scammers do this in the hopes that a couple dozen people out of the hundreds of emails sent are actual customers. And then, of course, they hope that a couple actually send them info.
If you get one of these and have a minute or two, it is probably a good idea to look the real bank up. They will often have a link on the front page to report this type of scam. Hopefully the bank will act in time to prevent people from being scammed.
Posts: 2437 | Registered: Apr 2005
| IP: Logged |
posted
I've received these for a lot of banks in the US - and I've never had a bank account in the US. It's called phishing. And yes, it's a scam.
A real bank, or PayPal, or any other authentic institution that may have a legitimate reason to have personal information on you will never put a link in an email requesting personal information. If they're at all intelligent.
If you ever receive such a thing, regardless of who it's from, NEVER use the links in the email. Always go to the institutions website the way you normally would.
Posts: 8355 | Registered: Apr 2003
| IP: Logged |
posted
So, why don't they fight back? I mean, it'd be a pretty simple thing to set up a fake account and purposefully answer the e-mail. Then you just trace the transactions...
I'm sure they've thought of this, of course. So, how do phishers stay anonymous?
Posts: 22497 | Registered: Sep 2000
| IP: Logged |
posted
I work at a bank, and we always have tons of problems with our customers being phished. We investigate all we can, if they are using our bank's logo and mirroring our web site, and re-directing customers to theirs.
Almost always, the IP addresses of the Phishers end up being located somewhere like Pakinstan or Romania. However, that doesn't really indicate where they are, because they make several "hops". A guy in Pakinstan may take over a server in Phillipines and send the e-mails from there, then the page directs back to a hijacked server in Germany or such, and they pull the data from there back to another country. Etc.
We even have seminars for employees to help them know what to teach customers to keep them from falling for this.
Usually around four or five customers will be baited into it for each huge sweeping round of e-mails that the phisher sends out.
Their big trick is in putting the "link" directly in the e-mail. People click on that link and it sends them to a mirror site -with a different URL, but they have made it look just like the normal on-line banking site. People should instead open a new browser window and type in the URL of the bank site and check their account there -- never from a link inside an e-mail.
Bob -- we do try to fight back - but with international law, and with these people constantly changing IPs, etc. They are long gone before they can be traced. Those who are victims have already given them their account numbers, they have run to an international ATM and withdrawn funds from that account, and then they are gone.
posted
SPF. SPF, people. We've been using it for about a half a year now, and it kills phishers dead.
If your E-mail service does not do SPF, find one that does. Combined with simple header checks by a spam filter, it'll stop 99% of all phishing.
And if you're a corporation that hosts your own DNS and SMTP and you don't have a SPF record in DNS yet, get one. Don't be the last on your block.
Posts: 37449 | Registered: May 1999
| IP: Logged |
posted
I agree, Tom! My home internet e-mail provider has a great SPAM filter and SPF, and I have never received a phishing e-mail at home. I wish all our customers had e-mail services that ran through something like that.
posted
I guess my email providers don't do SPF. I get phishing emails all the time. My FIRST one was from the bank I actually use. I didn't fall for it, but my husband and I had never even heard of phishing. He got really upset, thinking that someone had already broken into my computer, because how else would they know that was my bank? When I started getting ones for other banks, we accepted that it was just a coincidence.
It seems to me that it would be easy for spam filters to catch phishing emails. Just look for links that have display text that is ALSO a URL, and does not match the link URL.
I'm shocked that my work email at the university doesn't catch them all.
EDIT: Oh, and what's SPF? Is there a link I can send to my ISP and IT department?
Posts: 2880 | Registered: Jun 2004
| IP: Logged |
When a phishing mail is sent, the phisher lies in three ways:
1) The "From" field lies, as it claims to be from some other entity. There's no way to enforce accuracy in the "From" field, unfortunately, without using a different sort of E-mail -- usually involving encryption -- altogether, and this isn't going to become standard overnight.
2) The actual domain of the sender reported by the E-mail is faked. SPF enables a spam filter to check for this kind of fraud by contacting the alleged domain and saying, "Hey, I got this E-mail from the following IP address. Would you please tell me which IP addresses are allowed to send SMTP E-mail from your domain?" And if the IP address of the message isn't on that list of valid senders, the filter assumes it's fraudulent.
3) Links contained in the message can appear to go to one location, but in reality point to another domain altogether. Quality spam filters can look for this behavior, and flag any message with this behavior as likely spam.
Posts: 37449 | Registered: May 1999
| IP: Logged |
posted
i understand phishing just fine.... where I got lost was the link to the SPF stuff. None of it seemed to be in non-geek english! lol
Posts: 4515 | Registered: Jul 2004
| IP: Logged |
Printer-friendly view of this topic
