Fake bank Web site scam reaches U.S.
By David Legard, IDG News Service
May 14, 2003 12:00 PM ET
IDG News Service - Bank of America Corp. has warned its customers to be aware of a scam that attempts to get them to log into a fake Web site that then captures their personal financial details.
The scam was attempted recently via e-mail and is similar to ones recently perpetrated in Australia on Commonwealth Bank, Westpac Bank, and Australia and New Zealand (ANZ) Bank.
The fraud works by sending a spoof e-mail to bank customers asking them to click on a link to a fake site resembling the real bank site, where customers are asked for their account name and password. Fewer than 75 customer accounts were compromised in the latest scam; the bank has helped those customers change their passwords and protect their accounts. The fraudulent site was shut down within 13 hours, and details about the e-mail distribution and its source are under investigation, Bank of America said.
Bank of America urged its customers to take precautions when making transactions online, including the following:
- Review a Web site's URL to check its legitimacy, seeing whether the spelling is correct or appears suspicious.
- Be careful before providing personal information, Social Security numbers, and account or credit card information over the telephone, in person or on the Internet.
- Notify the bank of suspicious phone or e-mail inquiries, such as those asking for account information to verify a statement or award prizes.
The Australian scams also failed to cause any serious damage, with only 50 customers at ANZ needing their accounts set up again.
A wider form of online bank fraud proliferating worldwide is "419," or advance-fee scams, which are perpetrated by Nigerian gangs who have set up several dozen fake bank Web sites that have no relation to any actual bank. In this scam, the gangs use e-mail to try to persuade victims to help them make multimillion-dollar transfers out of Nigeria in return for a percentage of the money
(see story).
Victims are encouraged to set up an online bank account with the fake bank, where the money duly appears. The victim is then asked to pay the fraudsters some fake charges or taxes by another method such as Western Union, at which point their account at the fake bank disappears.
These fake bank sites are operated freely in Amsterdam, giving the fake bank credibility it wouldn't have if it were based in Nigeria, according to a group that monitors these frauds. "When the crime crosses borders, the police of other nations [apart from Nigeria] have a chance to get involved. But anecdotal evidence suggeststhat this is rare," the Chaos Project antifraud group wrote in an advisory. "The authorities in some countries place a fiscal limit on getting involved -- you have to have lost quite a lot of money before they will bother investigating."
The antifraud Web site Scamorama and other security organizations have compiled lists of over 50 fake banks set up and used by the Nigerian 419 fraudsters. A partial list is available
online.
Free Insider Guide