The Agency Insider with Linda McGlasson

It's Phishing Season; Beware These Scams

It's Phishing Season; Beware These Scams

There isn't a day that goes by that I don't get at least one phishing email in my multiple email inboxes. I'm sure that my ISP has a filter, and my junk mail folders are always bulging, but somehow the phishers are still trickling in. Most of these bogus emails are easy to spot, but others are trickier. I read the subject line, and 99 percent of the time I don't have to go any further before I hit the delete key.

But then again, I've had more than a few years to study these suckers, so I'm not an average email inbox user. However, phishing has been around for some time, and most folks have been taught to be wary of the possible dangers caused by scams that look like they're coming from a business.

Now, I'll pose the question to you: What about when you get a communication purportedly from a government agency? Bogus emails and even phone calls now show up regularly, appearing to be from a government agency. Most people would assume that these communications are real because they look authentic, supposedly coming from the Social Security Administration, Internal Revenue Service or, as I wrote last fall, even the Federal Deposit Insurance Corp.

Spring is the season for the phishers to come and try to take advantage of to the unsuspecting public in the form of official-looking emails talking of tax refunds, as well as claims that the government has money waiting for them. Would your customers (or employees) fall for such a blatant ploy? At least one in three would, according to one recent test.

The "white hat" hackers at Intrepidus, a New York-based information security service provider, recently tested 2400 employees at two of its clients with a "tax refund" scenario phishing email. The clients were a state agency and a small bank. This test got really interesting, says Rohyt Belani, CEO of Intrepidus, when an average of 35 percent of the employees clicked on the email to find out what the tax refund email contained.

"That is a big foothold for a hacker," Belani says. "Just imagine that over one-third of your employees (or customers) clicked on a link that could potentially infect their PC and your network."

The good news says Belani, is that it was only a test. The bad news, unfortunately, is that these kinds of phishing attacks can and do happen to any business or individual consumer.

Here are some other scams for employees and customers to avoid:

  • Anything Claiming to be from the IRS -- Despite the flood of messages purportedly from the agency, the IRS doesn't discuss tax account matters via email. It also doesn't initiate taxpayer contact via unsolicited email or ask for personal identifying or financial information. Taxpayers do not have to complete a "special form" to obtain a refund.
  • Social Security Alerts -- Another phony email claims to be from the Social Security Administration (SSA), threatening that if the person doesn't update their account information (on a bogus site) they will not receive a cost-of-living increase. Now, consumers may receive official letters from SSA attempting to verify that their address or bank has changed, or that they have become ineligible for benefits. Such letters are likely to be legitimate if they do not request information. But it's always best to verify communications by calling SSA: (800-772-1213).
  • FBI Windfalls -- Earlier this month, the Federal Bureau of Investigation warned Hawaii residents to not fall for emails that claimed to be from the bureau. The phishing emails include FBI letterhead, seal and banners with the FBI Director's photos to make them appear genuine. The notes claimed that the recipient had inherited money, or others claimed that the FBI was imposing fines through email -- which isn't done. The FBI says they have received a large number of complaints, leading investigators to believe that hundreds or even thousands of residents received the emails.

Oh, and where do you think the emails originated? You guessed it -- Nigeria.



About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.