Every day it seems like we’re hearing about a bank merger or at least banks talking about merging. Washington Mutual and J.P. Morgan Chase. Merrill Lynch and Bank of America. It doesn’t look like we’ll be hearing any less of this anytime soon, as more banks are expected to fail. But some internet pirates are looking to take advantage of the situation, and you.
Last year, according to a Gartner study, over $3 billion was lost to phishing scams, and 3.6 million Americans were victims. According to Netcraft, phishing scams surged after the Wachovia/Citigroup merger. After the Wells Fargo bid, however, people might be receiving new fake bank notices in their inboxes, so watch out for that. With all of the mergers, takeovers, buyouts, etc., customers are confused, and phishers know this. Customers of merged banks often don’t know what their new bank website looks like, and phishers will take advantage of this ignorance easily.
“Phishers are basically lazy. They like to use templates a lot,” says Andy Klein, resident e-mail security expert at SonicWALL, an online security solutions enterprise. “They’re doing minor modifications to existing ones, leveraging the confusion factor. It’s real easy for them to update a template and using the same phish work for as it was two weeks ago with all of this in play.”
When the economy has hit rock bottom, and many Americans along with it, it is extremely cruel that some people are making a profit out of this identity theft. But there are simple precautions one can take to prevent this. “Be aware of phishing and get a little smart with it,” Klein says, “You don’t have to be an expert, but many of the different financial institutions have phishing information on their site.”
First off, if your bank wants to double check personal information with you, they will never confirm this in an email. They might notify you of something via email or US mail, but always type in your bank’s site yourself. Be skeptical of phone calls as well, as a bank will never leave you a message asking you to leave them a message with financial or personal information. If you have any questions or inadvertently do something such as clicking the link from the email, contact your bank immediately. “Make it your first phone call,” Klein emphasizes. “Usually they have someone at the bank who will help you through the process. Speed is important at that point.”
Then there are the obvious, but sometimes little clues. Check the email address carefully (Why would a bank use a Yahoo or Hotmail account?) and double-check for spelling. Spam is notorious for bad spelling. If you’re still a little unsure, you can take SonicWALL’s online phishing quiz.
Bottom line: never type in private information into any page linked from an email to what looks like a bank homepage. If you’re not sure, just call the bank. There might be a small fee and it may take a little time, but isn’t your identity worth it?
– Rachel King