Tuesday, March 22, 2005
New Phish In the Water
Some customers are very conscious of the email phishing scams. They don't want to give any information without knowing why. But if you offer a chance to win a used paper clip, many will give you everything you want to know. So the phishers have taken their work to the next level and provided the incentive.
In the last few days a new phishing letter has been reported. "Citizens Bank instant $5 reward survey" is the subject of the email. They are promised a $5 credit to their account for completing an online survey. The validation process includes the user submitting their ATM card number and PIN!
The site the user goes to looks valid, although there are some grammatical errors. It is still convincing. The phishing scam appears to be originating at ISPs in England and the Netherlands.
I believe this scam has promise because it tugs not on the fear factor of "your information may be compromised," but on the greed factor of getting something back from the bank. Thus far we've only seen this using Citizens Bank. But if it works, it will certainly be tested with other names inserted.
You should be warning your customers of these scams. Be proactive. The BOL discussion threads often have questions starting with "my customer has never been to Romania, but we're seeing debit card transactions from there, who is liable for these?" Remember the dollars you save may be your own.
Some customers are very conscious of the email phishing scams. They don't want to give any information without knowing why. But if you offer a chance to win a used paper clip, many will give you everything you want to know. So the phishers have taken their work to the next level and provided the incentive.
In the last few days a new phishing letter has been reported. "Citizens Bank instant $5 reward survey" is the subject of the email. They are promised a $5 credit to their account for completing an online survey. The validation process includes the user submitting their ATM card number and PIN!
The site the user goes to looks valid, although there are some grammatical errors. It is still convincing. The phishing scam appears to be originating at ISPs in England and the Netherlands.
I believe this scam has promise because it tugs not on the fear factor of "your information may be compromised," but on the greed factor of getting something back from the bank. Thus far we've only seen this using Citizens Bank. But if it works, it will certainly be tested with other names inserted.
You should be warning your customers of these scams. Be proactive. The BOL discussion threads often have questions starting with "my customer has never been to Romania, but we're seeing debit card transactions from there, who is liable for these?" Remember the dollars you save may be your own.
Tuesday, March 01, 2005
Preparing to Fight the Identity Thieves
By now you have probably heard of the massive theft of customer financial information. It would be nice to think that the Choicepoint and Bank of America incidents were the end of the story but we all know that future incidents are likely.
What can you do?
The scary thing about these recent events is that the data thieves now probably have a good, clean set of customer profiles. But there are things you can do. For example, if someone wants to open an account using a stolen driver's license number, they'll need to create a counterfeit card. Make sure your all of your front line staff have access to the I.D. Checking Guide.
They didn't get everything.
Remember, the stolen data will not present a totally complete picture of the prospective applicant. Sure, the name, address, and social security number may be accurate, but can they list recent addresses or alternate phone numbers.
Be vigilant. You need to stay one step ahead.
By now you have probably heard of the massive theft of customer financial information. It would be nice to think that the Choicepoint and Bank of America incidents were the end of the story but we all know that future incidents are likely.
What can you do?
The scary thing about these recent events is that the data thieves now probably have a good, clean set of customer profiles. But there are things you can do. For example, if someone wants to open an account using a stolen driver's license number, they'll need to create a counterfeit card. Make sure your all of your front line staff have access to the I.D. Checking Guide.
They didn't get everything.
Remember, the stolen data will not present a totally complete picture of the prospective applicant. Sure, the name, address, and social security number may be accurate, but can they list recent addresses or alternate phone numbers.
Be vigilant. You need to stay one step ahead.
