Cyberscams exploit consumers' financial unease
SAN FRANCISCO -- The rippling financial crisis has sent consumers scurrying to the Internet for answers and advice. Online fraudsters are right behind, devising ways to steal personal information.
Cybercrooks are creating fake websites, spam, phishing attacks and malicious software code to take advantage of anxiety during the economic calamity. Like other extraordinary news events, the crisis has heightened fears and made people desperate for information, say computer-security experts.
"It's a new spin on old tactics," says Andre Gold, an independent security consultant who formerly was head of information security and risk management at ING.
•Spam and phishing. Most of the scams center on spam and phishing against the backdrop of bank failures, mergers and takeovers. Current and former customers of JPMorgan Chase jpm and Washington Mutual are being inundated with phishing attempts as Chase navigates an acquisition of Washington Mutual.
One example is an e-mail that appears to come from Chase. It asks customers to go to what is purportedly a Chase website, but is a fake, and provide personal information, such as user ID, password, name, address, phone number and Chase credit card number.
Phishing attacks on Citigroup soared shortly after it announced its intention last month to acquire struggling Wachovia, according to Internet researcher Netcraft.
•Fake websites. Many of the phishing attacks advise bank customers to follow links for websites and update their personal data. The sites are fakes, designed to trick victims into divulging their user name, password and more.
Citigroup c and Wachovia wb customers are among the targets, says Ori Eisen, chief innovation officer at The 41st Parameter, an anti-online-fraud vendor and former anti-fraud director at American Express.
"People's life savings are at risk," says Andy Klein, an e-mail expert at security vendor SonicWall. "Many are especially antsy because they haven't heard from their merged banks yet."
•Targeted malware attacks. Concern about targeted cyberattacks was a major topic among representatives of leading U.K. banks at a London conference this month, says Eisen, who attended.
Financial institutions such as Bank of America post information on their websites about the perils of suspicious e-mail and other online fraud. WaMu's website has a big banner with info on its merger with Chase.
How to avoid cyberscams
Computer-security vendor Proofpoint offers some useful tips on how consumers can best protect themselves:
1. Be aware.
View with suspicion any e-mail with urgent requests for personal IDs, financial information, user names or passwords. Your bank, online services or legitimate e-commerce sites are unlikely to ask you for this type of information via e-mail. You should be extremely suspect of similar e-mail that appears to come from an employer. Never send personal financial information or sensitive information such as Social Security numbers via e-mail.
2. Don't click.
If you receive a suspicious e-mail, don't click the links in that e-mail to visit the website in question. These links may take you to a fraudulent site that looks similar or identical but is designed to steal your personal information. Never click on a file attachment unless it's from a completely trusted source.
3. Be secure.
When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you're using a secure website. If you are on a secure Web server, the Web address will begin with https:// instead of the usual http://. Most Web browsers also show an icon (such as Internet Explorer's "padlock" icon) to indicate that the page you are viewing is secure.
4. Don't fill out e-mail forms.
Never fill out forms within an e-mail, especially those asking for personal information. Instead, visit the company's website and ensure that the page you are using is secure before entering sensitive information.
5. Keep an eye on your accounts.
Check the accuracy of your credit card and bank statements on a regular basis, especially during a time like this. If you see anything suspicious, contact the financial institution immediately. Banks that have gone through a transition are also communicating on their public websites.