
Sophisticated Phishing Scam


mugwump
02-10-2007, 09:39
Just a heads up...I heard about this from a guy who consults on forensic analysis of web sites. I like to think I wouldn't have fallen for it, but who knows?

We had a very sophisticated phishing scam go down in Chicagoland, and my guess is they'll take their show to other parts of the country.

They send out a bunch of letters using correct bank letterhead and envelopes, correct employee names, etc. Very well done and all letters apparently are mailed on the same day. (Somehow they've gotten names of account owners :eek: ) They warn in the first and last paragraphs that you should never enter banking details into a web site without calling the bank first for verification. They even explain how to determine if SSL encryption is in place to secure the transaction. They then go on to ask you to confirm your details on their home website, after calling to confirm of course.

Both the 'main' number in the letterhead and the 'direct' number in the letter body are answered correctly ("Blah Bank, how may I direct your call?" and "Jane Doe, Blah Bank, how may I help you?"). The web site they direct you to is a spot-on copy of the real thing.

Accounts are being cleaned out within minutes of details being entered.

You gotta admire their attention to detail. They're not greedy either, they make their hit over 48 hours - two business days - and then bolt. The two banks involved are apparently covering even uninsured losses (7 figures) because they got access to account names and they know they are liable.

Even bank robbers need an education these days.

bluebb
02-10-2007, 18:58
Both the 'main' number in the letterhead and the 'direct' number in the letter body are answered correctly ("Blah Bank, how may I direct your call?" and "Jane Doe, Blah Bank, how may I help you?").

It seems they screwed up, my bank has the language security feature.

Press 1 for English, press 2 for Spanish :D

blue