October 27, 2011, 3:16 PM — Online banking continues to get more popular for its tremendous convenience – for both the customer and the bank robber. Or, if not bank robbers, then grifters who scam a few bucks out of both the unwary and the overly suspicious using more sophisticated phishing techniques than were evident even a few months ago, according to the American Bankers Association.
Scams have gone from obvious emails asking customers to click on a link and confirm their username and password, or open an attachment with an "important account update" that is actually a virus, to multimodal outreach campaigns aimed at mass audiences using many of the same technologies and techniques as the banks themselves, a report from ABA said.
Although the warnings are serious, the techniques include emailing false notices (called phishing), using auto-dialers to cold-call bank customers with "warnings" (called vishing) or sending texts for the same purpose (smishing).
Absent the ridiculous names, the experience is much like what you'd get from any relatively impersonal bank notifying customers, as required by federal law, of the latest increase in ATM fees or other extra costs.
The Phish, Vish and Smish messages contain a specific request for action, however, according to Idaho Attorney General Lawrence Wasden, quoted in BankInfoSecurity about a vish/smish scam carried ou on a wide scale against Wells Fargo customers in Idaho during August.
Often the senders or callers don't know anything about the "customer's" card or account; they often call people who aren't even customers, because they don't always go to the trouble to acquire a mailing list that would be used for legitimate advertising purposes.
Instead they cold-call banks of random numbers to warn customers their accounts had been shut down following one or more attempts at fraud, which the bank had prevented by its quick action.
To reinstate or reactivate the accounts, however, customers had to respond to an email, text or phone call to discover how their accounts had been compromised.
Once the contact is made, customers are asked to confirm their account numbers, phone-banking PIN numbers, ATM numbers or other information.
Despite the increasing number (or just publicity about) large-scale hacks and potential identity thefts, banks still do not ask consumers to call numbers that aren't easily identifiable as belonging to the bank, or to provide private information others could use to access the account, according to the ABA.