Season's Thievings: New Scams Target Bank Customers

Experts Encourage Institutions to Go Public with Stories, Education While most people are planning time off from work over the holidays, criminals are working overtime this season on new scams to steal personal data.

The latest fraud schemes come from Connecticut, Hawaii and Oklahoma.

The Connecticut Banking Commissioner warned residents last week about credit card scams hitting the state. In one case, a caller claimed to be from Bank of America and said he wanted to verify certain activity on the user's debit card, and needed the credit card number in order to pull up the account. In another case, a caller identified himself as being with Visa Services and stated that he wanted to lower the interest rate to 6 percent. When the consumer said that they did not have a Visa card, the caller asked if they had a Mastercard and requested the credit card number.

"Luckily, in both cases the recipient of the call refused to give their credit card number and hung up on the caller," says Banking Commissioner Howard Pitkin.

In Lihue, on the Hawaiian island of Kaua'i, police are warning people to be on the look out for an email phishing scam that purports to be from the Social Security Administration. The phishing email tells the recipients there is something wrong with their Social Security records and directs them to a fake web site. Once there, the victims put in their social security number and receive a false statement. But downloading the statement also means the user's computer becomes infected with a virus that searches for logon information to access bank accounts, reports the Kaua'i Police Department.

In Oklahoma, bank customers are being tripped up by company checks that are sent by a "lottery commission." Scammers are getting these checks by stealing a legitimate check from a local or out of state company. They then counterfeit them and flood an area with the checks, asking that the winner deposit the check and send a portion of the amount by wire to the "lottery commission."

Invariably, some bank customers fall for this ploy, says Elaine Dodd, head of the Fraud Division at the Oklahoma Bankers Association. Recently, she called an out-of-state company to verify that the check was legitimate. The luxury car dealership in another state told her that they hadn't written any check to anyone in Oklahoma. "The dealership told me they were glad to find out, as it ended up there were more than a hundred checks issued in that counterfeit check scheme," she says.

Educate Your Customers
What these and other new schemes point to, fraud experts say, is the need to educate customers about these types of scams. "One of the things I'm telling banks to do is get in touch with their local media, and tell them the story on these scammers," Dodd says. "Out here in Oklahoma, the work-at-home scams are hitting us hard."

One person who was out of work and desperate to pay his mortgage and bills wired two different work-at home scams money in order to get hired, Dodd says. "The man wired via Western Union more than $5,000, and that money is essentially gone."

If a bank can get someone who has been scammed to go on the record with the news media, the story becomes even more compelling. "Putting a face on these kinds of fraud is helpful; then people recognize the scam could happen to them," she says.

Another thing that Dodd tells banks is "[Be] consistently nosey with customers. If you see a customer making a large cash withdrawal, just ask them. If it has anything to do with winning the lottery or work from home, tell them it's a scam," she adds. "Anytime you hear Western Union or any type of wire service, tell them to jump backwards; it's 150 percent positively a scam."

Also remind customers, whether it is a credit card company or the bank calling, "When your bank or credit card company calls or emails you, they will never ask you for your account number; they have it already."

Security expert Robert Siciliano, CEO of IDTheftSecurity.com, agrees with Dodd and says banks are still not doing enough to educate consumers. "They sweep it under the rug," he says. "If they marketed themselves as a caring bank who is concerned about the safety of their customer, wrapping security around their brand, they'd be ahead of the curve."

There has to be a constant beating of the drum by institutions about information security, he says.

"Where do you want your customers to learn about information security, from you or from hearsay or others who don't know what to do -- or worse, give your customers bad information on what to do?" Customers should feel that their institution is there for them, he says. The message should be: "We've got your back -- we're your institution, and we're here to help."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.