Banking and Savings Most Popular Articles

  • cash payment
    5 Strategies to Pay for College Today
    Military.com|
    To help streamline your college banking and find the cash to pay for an education in today's economy, here are five methods and...
  • UsingATMs
    Top Five Military Banks and Credit Unions
    Military.com|
    If you're in the military or are a veteran and are looking for a bank, this list is for you.
  • ATM
    10 Best Military Banks of 2015
    Military.com|
    A study investigated more than 30 military banks and credit unions, and came up with this top 10 list.
  • 70 ways to save money
    70 Easy Ways to Save Money
    Jeff Rose
    Here are 70 ways you can save money in the four biggest budget categories: food, transportation, housing, and health.
  • Pros and Cons of Online Banking
    Military.com
    Consumers view online banking as a quick way to pay bills and check their finances. However there are a few drawbacks to online...

Watch Out for New Breed of Phishing Scams

Phishing Scams

Maybe you think you can spot scam emails by the broken English, the pleas to wire money via Western Union and the references to Nigerian princes. Think again. The latest phishing attacks are so well-crafted, they look exactly like emails you might receive from major banks like Wells Fargo and Bank of America, says Ondrej Krehel, information security officer at Identity Theft 911, Credit.com’s sister company.

“It’s very sophisticated,” Krehel says. “Hackers are creating these pages to look exactly like professionally crafted bank pages. So it does have the look and feel and touch of your bank’s website.”

One recent email was noteworthy simply because it managed to sneak past Identity Theft 911's multiple firewalls and land in Krehel’s inbox. It appeared to come from Bank of America, even using a real no-reply email address from the bank itself as the sender, as opposed to an obvious fake like Hotmail or Yahoo.com.

Once opened, the email doesn’t deploy any malware to steal users’ passwords or snoop their computers (such malicious code would have been blocked by Krehel’s firewall). Instead, it informs the user that there’s been a serious problem with her account, and she needs to complete and return the attached form.

“The text of the email is very well crafted,” Krehel says. “It looks like something Bank of America would actually send you.”

The scammers didn’t even include any malware in the attachment, since that also would sound alarms within users’ anti-spyware programs. Instead, the attachment looks just like a page created by Bank of America itself.

The real Bank of America logo appears across the top of the file -- clicking on it takes the user to the bank’s actual site. The color scheme, with red and grey horizontal ribbons, and numbers in blue circles, precisely mimics the look of all the bank’s other communications. Even the mix of methods to input information, with drag-down boxes, checkboxes and places to type in text, are crafted exactly like the real thing.

The hackers are so good, in fact, that they customize the attachments to different banks. Another attachment Krehel received a few months ago had the exact same level of detail, only it spoofed the look and feel of Wells Fargo’s website.

“This is about collecting users’ data, and not triggering any antivirus” software, Krehel says. “So it’s the user driving the action.”

The attachment asks users to input all the information about their accounts, including their passwords, PINs, birthdates, Social Security numbers, driver’s license numbers, and the maiden and middle name of their mothers, plus six different security challenge questions, such as “Your first pet’s name.”

This, actually, is one clue to figuring out that it’s a scam, Krehel says. Banks may occasionally ask customers to verify information about a certain transaction. If you’ve never been to Hong Kong but suddenly your credit card goes on a shopping spree there, you might get a phone call from Bank of America, or an email asking you to call the bank. But banks never, ever, ask customers to confirm the security details of their accounts via email.

“If they have a problem with the account itself, they’ll probably shut down the account entirely and call the person, or email them and ask them to call a secure number,” Krehel says.

Second, the sheer number of security questions should raise alarm bells in the user’s mind, Krehel says. The one purporting to be from Bank of America even asked for the user’s email password and their father’s middle name, information that Bank of America itself does not need to know.

“It’s just overkill, the number of questions asked in one email,” says Krehel.

The takeaway: Phishing scammers are getting a lot more sophisticated. Here are some tips to avoid getting scammed:

** Pay attention. We get so many emails these days, it’s easy to go into autopilot. As long as a message doesn’t look like an obvious fake, with pitches for Canadian Viagra or Nigerian princes, we’re likely to distractedly click on just about anything. But especially when an email says it’s from your bank or credit union, it’s time to stop zoning out and pay attention.

** Just because it looks and feels real doesn’t mean it is real. Scammers know how your bank crafts its communications. Be alert.

** Remember: Banks don’t ask customers to confirm account security details online. Ever. If you receive an email asking you to do this, it is -- by definition! -- a scam.

** It’s OK to do nothing. Never click “respond” to any emails you suspect may be fraudulent. Never open any attachments.

** Never press “Continue” or “Next” on any attachment. Any time you interact with a scammer, you increase your risk of getting scammed.

** Call your bank. If you have any questions at all, just call. Anyone at your local branch should be able to figure out whether the email you received was real or a scam.

** Report the phishing email by forwarding it, without responding to it or making any alterations, to: reportphishing@antiphishing.org.

** Ensure that your computer, smartphone, or browsing gadget is running security software, and that you keep it current by downloading all the latest updates.

** For more information, and an up-to-date listing of recent phishing attacks, check out Antiphishing.org. It’s a great educational resource.

[Featured Products: Compare credit score, report, and monitoring plans at Credit.com]

---

Credit.com provides readers with unique insight, helpful tips and straight answers about their financial world. Our team of reporters and experts explore credit, loans, debt, saving, and identity theft topics, all designed to help you make smarter financial decisions. Visit Credit.com to sign up for your FREE Credit Report Card and find out where you stand today!

----

Contributing writer for Credit.com, Chris graduated with honors from the Columbia University Graduate School of Journalism, and has reported for a number of publications including The New York Times, TIME magazine and Popular Mechanics. Reach Chris via email at chris@credit.com.

Sound Off...What do you think? Join the discussion...

Military News App by Military.com

Download the new Military.com News App for Android on Google Play or for Apple devices on iTunes!

Featured VA Loan Articles

  • VA Loan Closing Costs: An Added Benefit
    Besides the advantage of requiring no down payment for qualified VA borrowers, there's also a distinct advantage for the borrow...
  • White suburban home.
    IRRRL Facts for Veterans
    Military.com
    IRRRL stands for Interest Rate Reduction Refinancing Loan,also known as a "Streamline" or a "VA to VA" loan.
  • US Map Showing High Cost Counties
    VA Loan Limits for High-Cost Counties 2017
    Military.com
    The VA loan limit for 2017 is $424,100. But it could actually be substantially more if you buy a home in a high-cost county. Se...
  • Get the FAQs on VA Home Loans
    We've answered 16 of the most frequently asked VA Loan Benefit questions. View them now to get a quick understanding of your be...
  • Top 3 VA Home Loan Tips
    There are numerous advantages to having a VA mortgage. A VA mortgage loan can be guaranteed with no money down, in some cases u...
© 2016 Military Advantage