Skip to content

Email Scam Targets Bank Web Sites

by Michele Petry, BOL Guru

In a new-age twist to an old scam, bank customers are receiving targeted emails purporting to be from banks, requesting that the customers disclose confidential information on a Web site.

Within the past month, customers of Bank of America and Wells Fargo have received fraudulent emails that at first appear to come from the bank, but the emails actually direct unwitting customer to links that go to unaffiliated Web sites. This latest round of email scams is an example of a growing trend to steal information in order to perpetuate identity theft online.

Last month, an individual fraudulently posing as a Bank of America associate distributed an unauthorized email asking recipients to enter personal financial information at a Web site masquerading as the Bank of America site. Bank of America became aware of the situation within hours of its onset and alerted authorities. The fraudulent site was quickly shut down. Details about the distribution and its source are pending investigation.

Recently, Wells Fargo reported receiving 40 to 50 emails from customers alerting the company to a similar email scam, purporting to come from the bank. In both the Bank of America and Wells Fargo situations, the authorities were contacted and no known customer information was gathered. Both institutions have warned their customers to be vigilant regarding disclosing confidential information only to legitimate known sources.

Given the recent increase in attempted email scams, banks should consider being proactive in reminding their customers to safeguard their information. The following tips can be helpful reminder for your customers regarding how your bank interacts with your customers online.

Checklist for helping customers understand how to use your bank's Web site securely:

  1. Inform your customers to always check to ensure they have connected to the correct Bank Web site address. If your bank has multiple addresses you should clearly state which web addresses are legitimate sources of bank information (e.g. for example, if you bank can be reach at: and both addresses, and ONLY those address, should be considered as a legitimate bank entry point).
  2. Inform your customers to always check that their browser indicates that a secure Web session in place by noting the LOCK in the lower right toolbar of their browser.
  3. Inform your customers to always log off a session when they finish using online banking to prevent someone else from gaining access to their information and close their browser.
  4. Remind your customers to protect all their PIN and access code information.
  5. Be sure to clearly state your email communication policy with your customers. If your bank never requests confidential information via email, your customers should be told that.

Related Resources:
Monitoring Domain Names
GURU Q & A: Monitoring Domain Names
FDIC Guidance: Protecting Internet Domains
OCC Alert: Protecting Internet Addresses of National Banks
Cyberscam Targeted by FTC

First published on 3/25/02

First published on 03/25/2002

Filed under: 
Filed under security as: 
Filed under technology as: 

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics