Phishing Schemes: The New Wave

Wells Fargo, TD Bank Respond to Scams Targeting Customers

By , August 30, 2011.
Phishing Schemes: The New Wave


See Also: Fighting Financial Fraud: Mitigation for Malware, Phishing & DDoS Attacks

s summer draws to a close, banking institutions and their customers face a new wave of targeted phishing attacks - and industry experts predict these incidents will only increase in the months ahead.

In recent days, both Wells Fargo Bank and TD Canada Trust alerted customers of targeted, or spear attacks. And in Idaho, the Attorney General and the Idaho Bankers Association issued their own consumer warning about the schemes, which included fraudulent phone calls to numerous consumers in the state feigning to be from Wells. In addition to Wells, the Idaho AG's Office also warned that targeted voice and text attacks had been linked to Idaho's Boise Federal Credit Union and Home Federal Bank.

"These messages are designed to reach as many potential victims as possible," said Attorney General Lawrence Wasden. "The senders do not know anything about you or your card. Many people who have received the messages do not have accounts with the bank or credit union purportedly sending the message."

The calls and texts, often referred to as vishing and smishing, reportedly told consumers their credit and/or debit cards had been compromised, and then asked recipients to call a phone number to provide personal banking information to have the cards reactivated.

"Your bank will never contact you to ask for your account number," Wasden said. "Your bank already knows your account number. These messages are 'phishing' attempts by people trying to steal your account information so they can steal your money."

The Idaho AG's Office, in response to heightened online and phone-based schemes, now publishes an identity theft manual to help consumers whose personal information has been stolen.

Wells spokesperson Michele Rene Scott, who focuses on online and mobile banking, says phishing attacks of all forms and method are major concerns. "Generally, fraudsters don't know if people they send phish messages to are Wells Fargo or Wachovia customers," she says. "They simply hope that a percentage of their messages will be received by actual customers." [See Phisher Sentenced to 12 Years.]

Banks and CUs Take Aim

Phishing attacks are on the rise, and financial-services are more often than not the target.

Dave Jevans, head of the Anti-Phishing Working Group, a global consortium of IT leaders aimed at stunting the rapid growth of online attacks, says banks and credit unions need to brace themselves for more attacks aimed at customers, members and institution employees.

"Banks and their customers are among the biggest targets of phishing and spear-phishing," Jevans says. "Banks represent about 55 percent of phishing attacks, and payment services such as PayPal are 25 percent. So, 80 percent of all phishing is targeted at banks and payment services." And that should be alarming.

According to a June APWG survey, about one-third of the survey's 270 respondents said they had been repeat victims of phishing attacks. Website security vulnerabilities were cited as being the most common gaps cybercriminals abused.

APWG says organizations are not properly monitoring for anomalous behavior or suspicious traffic patterns that could indicate previously unseen, zero-day attacks. Earlier this month, the Federal Deposit Insurance Corp. announced a phishing scheme that was targeting consumers under the veil of the FDIC.

In the wake of Hurricane Irene, the Federal Bureau of Investigation on Monday issued a statement about the potential for fraudulent e-mails that appear to be from charitable organizations or other institutions interested in relief donations. "Disasters prompt individuals with criminal intent to solicit contributions purportedly for a charitable organization or a good cause," the release states.

The FBI release links to a note prepared by the Internet Crime Complaint Center [IC3] about fraudulent contribution schemes. Scams after disasters aren't new. Just last year, phishing schemes targeted financial institutions and customers after the BP oil spill.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Apple Watch: 8 Security Issues

Apple has unveiled its long-awaited Apple Watch, which the company will begin shipping in nine...

Latest Tweets and Mentions

ARTICLE Apple Watch: 8 Security Issues

Apple has unveiled its long-awaited Apple Watch, which the company will begin shipping in nine...

The ISMG Network