Anti-Phishing Blog

Wednesday, January 28, 2009

Phishing with Text

Banks need to remind their customers that you do not contact them in emails or text messages, asking them to send you account numbers, debit card numbers and PINs over these unsecured channels. Phishing expeditions are continuing to thrive and now we see more and more attempts to gain information with text messaging.

Hello texting on your cell phone. Phishing expeditions are growing on cell phones as texting is becoming a common means of communication, and as many new cell phones were given as holiday gifts. Recently the Pittsburg, PA police department warned that customers in dozens of states are getting messages on their Sprint cellular phones from dozens of banks, asking for confidential information.

Customers need to be suspicious. Even if your caller ID tells them it is your bank calling or sending you a text message. "Spoofing" is a trick that allows the caller to contact you and make it appear as though it is your bank.

I recently read a news article where hackers in Asia were able to infect cell phones and initiate money transfers using those phones. In many areas of the world cell phones are used for banking where small purchases are made solely on the phone. This has not been popular in the U.S. But the message is the same, security and awareness are keys to protecting your customers.

If your customer has a question or receives a text message or email, they should be warned to call your bank using a known telephone number and not a "special one" provided in the message. Your bank then has to know where to send these calls for information. Infrastracture starts with you. Precautionary warnings should also appear predominantly on your web site as a constant reminder.

Scammers send these messages because when a small percentage of a very large number do respond, they get money, your money. Stop the crime before it starts.


Post a Comment

<< Home