New phishing attempt targets bank customers
Latest phishing threat exploits confusion over consolidation in banking industry to try to get information out of e-mail recipients for online financial theft and identity fraud.
Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.
Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.
In one example that targets people affected by the Chase acquisition of Washington Mutual, the e-mail asks recipients to click on a link and confirm their identity so Chase can "activate new security features for our new and old online banking customers."
The link goes to a fake Chase Web site that asks for account log-in and other information, said Andrew Klein, a product manager at SonicWall. The scammers are gathering the information to sell to cybercriminals who will use it to transfer money out of victims' accounts or commit identity fraud, he said.
"Banks wouldn't do this online," Klein told CNET News. "Traditionally, what happens is you get a letter in the mail."
Phishers and scammers commonly exploit news events to lure victims to sites that contain malware or that ask them to supply information. Cybercriminals are evento find out what Web search terms are the most popular in order to make sure they have timely and relevant content on their sites with which to attract victims.
But this particular type of phishing attempt is particularly dangerous given how confused many consumers are about what the bank acquisitions will mean for them.
To test your knowledge of phishing and spam, try taking this SonicWall quiz.