Fake bank Web site scam reaches US

Bank of America Corp. has warned its customers to be aware of a scam which attempts to get them to log in to a fake Web site which then captures their personal financial details.

The scam was attempted recently via e-mail, and is similar to those recently perpetrated in Australia on Commonwealth Bank, Westpac Bank and Australia and New Zealand (ANZ) Bank.

The fraud works by sending a spoof e-mail to bank customers asking them to click on a link to a fake site resembling the real bank site, where customers are asked for their account name and password.

Less than 75 customers' accounts were compromised in the latest scam, and have been helped by the bank to change their passwords and protect their accounts. The fraudulent site was shut down within 13 hours, and details about the e-mail distribution and its source are under investigation, Bank of America said.

Bank of America urged its customers to take precautions when making transactions online, including:

-- reviewing a Web site's URL as a way to check its legitimacy, seeing whether the spelling is correct or looks suspicious

-- being careful before providing personal information, Social Security numbers, account or credit card information over the telephone, in person or on the Internet.

-- notifying the bank of suspicious phone or e-mail inquiries such as those asking for account information to verify a statement or award prizes.

The Australian scams also failed to cause any serious damage, with only 50 customers at ANZ needing to have their accounts set up again.

A wider form of online bank fraud proliferating worldwide is that perpetrated by the Nigerian gangs running the "419", or advance fee frauds, who have set up several dozen fake bank Web sites which have no relation to any actual bank. In this fraud, the gangs use e-mail to try to persuade victims to help them make multi-million dollar transfers of funds out of Nigeria, in return for a percentage of the money.

Victims are encouraged to set up an online bank account with the fake bank, where the money duly appears. The victim is then asked to pay the fraudsters some fake charges or taxes by another method such as Western Union, at which point their account at the fake bank disappears.

These fake bank sites are operated freely in Amsterdam, giving the fake bank credibility it would not have if it were based in Nigeria, according to a group which monitors these frauds. Dutch police have apparently made no moves to curb these fake bank Web activities, according to the group, helping the 419 industry pull in hundreds of millions of dollars per year.

"When the crime crosses borders the police of other nations (apart from Nigeria) have a chance to get involved, but anecdotal evidence suggests that this is rare," the Chaos Project anti-fraud group wrote in an advisory. "The authorities in some countries place a fiscal limit on getting involved -- you have to have lost quite a lot of money before they will bother investigating."

The anti-fraud Web site Scamorama and other security organizations have compiled lists of over 50 fake banks set up and used by the Nigerian 419 fraudsters. A partial list is available at http://www.scamorama.com/bankscam.html.

» posted by abennett

IDG News Service

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine