Phishing in a Recession
It started off as a typical day. I came into work, logged into my computer and checked my e-mail. I had a lot more messages than usual, but that didn’t seem too extraordinary. Then it hit me: There were only a handful of legitimate e-mails in the bunch. The rest were spam. And they weren’t just any spam, either — they were phishing attacks.
How did I know? Well, it’s certainly not uncommon for me to receive e-mails from my bank. But when the messages are riddled with spelling and grammatical errors, it doesn’t take a brain surgeon — or, in this case, an IT expert — to figure out that cybercriminals are at work.
One particular e-mail, however, looked like the real thing: It contained my bank’s logo and was very professionally written — brief and to the point. It asked me to follow a few steps in order to keep my online banking account alive and active.
Even though the premise sounded somewhat plausible, a red flag went up in my head when the e-mail prompted me to enter all kinds of confidential information. One quick call to my bank confirmed my suspicion that some type of illegal activity was taking place.
On that particular day, I considered myself lucky not to have fallen for what seemed like a fiendish — albeit well-executed — scam. After all, there are scores of people around the world who succumb to such fraudulent claims, and oftentimes it’s hard to blame them.
Take, for instance, a particular incident I recently read about in BusinessWeek.
Last fall, in the midst of growing economic concerns, rumors began to circulate that Citigroup would buy Wachovia. No sooner did the news break than cybercriminals pounced on the opportunity to prey on thousands of Wachovia customers, firing off phony e-mails that prompted them to update their accounts — and reveal sensitive information such as their Social Security numbers — in preparation for the supposed merger.
Needless to say, a good number of them fell victim to the phishing attacks. However, it could be argued that it’s the banks themselves that bear the brunt of these scams, since they must cover part, if not all, of the losses.
According to the BusinessWeek article, a number of banks have resorted to downsizing their tech departments in a feeble attempt to weather the stormy recession. However, the repercussion of such a drastic measure is that it significantly compromises security at a time when the threat of fraudulent activity is probably at its highest. Cybercrime last year increased by a whopping 53 percent, according to McAfee. And cybercriminals are capitalizing not just on e-mail, but on social networking sites and other new technologies, as well.
Experts suggest certain extenuating circumstances — in this case, the recession — tend to make people resort to desperate measures to pocket a few wads of cash. A piece by Scambusters.org profiles another example of brazen deception in the form of a phishing e-mail sent to Bank of America customers.
The premise of the ploy was to urge customers to take an online survey with the promise of monetary compensation that supposedly would be deposited into their personal accounts. The end goal, Scambusters argued, was to steal people’s money, their identities or both.
The easiest way to spot fraud? One sign is when the wording is generic. In the case of the Bank of America scam, the e-mail was addressed “Dear Customer” instead of being personalized.
Additionally, as a rule of thumb, any e-mail that requires you to submit information such as your bank account number, PIN, password, debit or credit card numbers — or even your full name — ought to put you on high alert.
Moreover, in my opinion, a call to the bank can easily put any nagging suspicion to bed. Clichéd as it sounds, it’s always better to be safe than sorry!