Beware of These Email Bank Scams
One of the most popular identity theft scams is to send spam to potential victims advising them that they need to visit a financial service's Web site to update or confirm their personal information.
Naturally, the URL in the scam email sends the victim to a phony Web site, and when the victim has divulged his or her personal and credit card information, the scammer can make off with lots of cash -- and perhaps the victim's identity as well.
Later in this issue you'll read about how scammers are targeting Best Buy and eBay users with similar schemes, but this section describes the latest forged emails purporting to be from banks. Don't be fooled...
1. Citibank c2it
The scam: You're a user of the c2it money transfer service from Citibank, and you receive an email saying that your account has been placed on hold for security measure maintenance. You're asked to visit a Web site to confirm your account information.
Tip-offs that it's a scam: Not many. It's a professional looking email, with a Citibank logo. One tip is that the return header is from a Hotmail address. Another tip is that, if you click the submit button, the link takes the user to a site owned by the Harvard-Smithsonian Center for Astrophysics.
2. Bank of America
The scam: You're a customer of the Bank of America, and you receive an email from custommersupport@bankofamerica.com with a subject line "Security Server Update." It informs you that because of a 'technical update' you need to reactivate your account by visiting a URL and re-entering your personal information.
Tip-offs that it's a scam: It contains many spelling and grammar errors. As well, the URL leads to a broken Web site (it has been taken down).
3. First Union Bank
The scam: You're a customer of First Union, and you receive an email from bankaccount@firstunion.com telling you that First Union has lost your online banking user name and password. The email tells you to go to a Web site and re-enter the information.
This one is particularly nasty, because simply visiting the Web site downloads a 'backdoor' Trojan program to your computer that can give scammers the ability to control your computer remotely.
Tip-offs that it's a scam: The URL given is a firstunion.com address. Wachovia.com is now the Internet address for both First Union and Wachovia customers.
How can you avoid getting scammed this way?
- First, be calm. Most of us receiving an email like this might be alarmed that our account was frozen or our credit card information had been stolen. But by being calm, you can make sure you assess the situation rationally instead of just following the instructions in the email.
- Recognize that legitimate companies never request this information via email. When you get this kind of email, realize the chances are excellent that it's a scam.
- Go to the official Web site for the financial institution directly by typing its URL in the address bar of a Web browser, *not* by clicking any hyperlink in an email. If there is a real problem, it will most likely be on the home page.
- If you're still uncertain, email or call the company's customer support department, and ask them to confirm the email's authenticity. They will then tell you what to do next.
