|
Security - Phishing w/ Incentive
Here is an article on Phishing with a monetary incentive:
Tuesday, March 22, 2005
New Phish In the Water
Some customers are very conscious of the email phishing scams. They don't want to give any information without knowing why. But if you offer a chance to win a used paper clip, many will give you everything you want to know. So the phishers have taken their work to the next level and provided the incentive.
In the last few days a new phishing letter has been reported. "Citizens Bank instant $5 reward survey" is the subject of the email. They are promised a $5 credit to their account for completing an online survey. The validation process includes the user submitting their ATM card number and PIN!
The site the user goes to looks valid, although there are some grammatical errors. It is still convincing. The phishing scam appears to be originating at ISPs in England and the Netherlands.
I believe this scam has promise because it tugs not on the fear factor of "your information may be compromised," but on the greed factor of getting something back from the bank. Thus far we've only seen this using Citizens Bank. But if it works, it will certainly be tested with other names inserted.
You should be warning your customers of these scams. Be proactive. The BOL discussion threads often have questions starting with "my customer has never been to Romania, but we're seeing debit card transactions from there, who is liable for these?" Remember the dollars you save may be your own.
# posted by Andy @ 3/22/2005 09:20:00 AM - Bank Security Blog
|
