Phishing Around the Globe
Phishing Scams Continue Around the Globe
Banks in U.K, Canada Are Latest Targets
by Michele Petry
Just days after the OCC issued guidance to U.S. financial institutions, customers of Barclays Bank in Great Britain, BMO Bank of Montreal and Toronto-based Mouvement des Caisse Desjardins were struck with a similar >
In all three cases, cyber-fraudsters sent email messages which were designed to appear as if they originated from the bank. The email contained a link to what looked to be the bank's Web site, but was in fact a spoofed Web site.
Customers were then prompted to enter personal information such as passwords and personal identification numbers, which could then be used by the hackers to compromise customer accounts.
In the case of one of the Canadian institutions hit by the scam, officials were able to quickly locate and shut down the spoofed Web site. However, that did not deter the persistent hackers from sending out a second email, again purportedly from the bank. This time the email said the hackers had been caught but in the process their personal information might have been deleted, and asked them to resubmit their information.
While the latest reports of "phishing" affected non-U.S. financial institutions, these incidents are on the rise. Citibank was a recent victim of a phishing expedition (see our article entitled Information Security Involves Customer Service, Too: Is your call center staff prepared? ).
Financial institutions need to educate their customers about the manner in which they will or will NOT request information from their customers.
The OCC offers financial institutions the following advice and suggestions for protecting against "phishing" scams:
- Provide notices on Web sites reminding customers that the bank will never request confidential information through email and to report any such requests to the bank.
- Print warnings and notices on customer statements or other paper mailings.
- Maintain current Web site certificates and describe how the customer can authenticate the bank?s Web pages by checking the properties on a secure Web page.
- Refer customers to or use Federal Trade Commission (FTC) resources to develop educational brochures to explain the red flags and risks of identity theft.
Information Security Involves Customer Service, Too: Is your call center staff prepared?
First published on BankersOnline.com 9/18/03
First published on 09/18/2003