October 2, 2008 4:10 PM PDT

New phishing attempt targets bank customers

by Elinor Mills
  • Font size
  • Print
  • 4 comments

Many people are wondering what to do now that their bank has been acquired in the wake of the lending crisis. Well, whatever you do, don't click on links in e-mails purportedly sent by your bank.

Security firm SonicWall said Thursday that it has been seeing e-mails that attempt to lure people to fake bank Web sites, where they are asked to re-verify their personal and bank information as part of a merger.

In one example that targets people affected by the Chase acquisition of Washington Mutual, the e-mail asks recipients to click on a link and confirm their identity so Chase can "activate new security features for our new and old online banking customers."

The link goes to a fake Chase Web site that asks for account log-in and other information, said Andrew Klein, a product manager at SonicWall. The scammers are gathering the information to sell to cybercriminals who will use it to transfer money out of victims' accounts or commit identity fraud, he said.

"Banks wouldn't do this online," Klein told CNET News. "Traditionally, what happens is you get a letter in the mail."

Phishers and scammers commonly exploit news events to lure victims to sites that contain malware or that ask them to supply information. Cybercriminals are even using Google Trends to find out what Web search terms are the most popular in order to make sure they have timely and relevant content on their sites with which to attract victims.

But this particular type of phishing attempt is particularly dangerous given how confused many consumers are about what the bank acquisitions will mean for them.

To test your knowledge of phishing and spam, try taking this SonicWall quiz.

This phishing attempt tries to get people affected by the Chase-Washington Mutual merger to give up their bank account information.

(Credit: SonicWall)

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Privacy & data protection,

Vulnerabilities & attacks

Tags:

security,

privacy,

phishing,

banks,

e-mail

Share:
Digg
Del.icio.us
Reddit
Recent posts from Security
Q&A: Researcher Karsten Nohl on mobile eavesdropping
RockYou sued over data breach
Hacker Gonzalez pleads guilty in Heartland breach
Microsoft rebuts IIS vulnerability claims
More attacks expected on Facebook, Twitter in 2010
GSM crypto code cracked, engineer says
Web-based Lookout protects mobile devices, data
Hackers claim to crack Kindle copyright armor
Related
Using Facebook and Twitter safely
Facebook sues men for allegedly phishing, spamming
Trend Micro forecasts future threats
Report: FBI investigating Citibank cyberattack
RockYou sued over data breach
So, is it safe to tweet now?
Week in review: A matter of antitrust
CNET Top 5 Sony Reader Touch edition giveaway - official rules
Add a Comment (Log in or register) (4 Comments)
  • prev
  • 1
  • next
by Solaris_User October 2, 2008 4:50 PM PDT
New phishing attempt targets bank customers: It's called the United States Congress.

Don't worry about ID thieves.. we will take your money before they do.
Reply to this comment
by anguyen41 October 3, 2008 6:02 AM PDT
Thank you for this information.
Reply to this comment
by qi-fense October 7, 2008 7:02 PM PDT
We can also track email traffic on a variety of financial institutions - we have seen 5 specific attacks on citi, wachovia and wells fargo in the past 3 days - these generated many 100's of thousands of emails being sent from over 100 diferent IP addresses based in over 35 countries - again, all of this traffic stemmed from only 5 coordinated attacks.

Phishers like to strike at the most fearful and the most vulnerable. To the initiated, most of these emails are pathetic - but with those kinds of numbers, they are likely to catch a few of us unaware.
Reply to this comment
by Identity-Theft-Experts December 27, 2008 12:18 PM PST
Identity Theft Experts agree there is no complete solution for uninformed users who are constantly hooked by these scams. The fact is even well educated savvy people are scammed every day. Numerous tools incorporated into browsers and email programs will help stem the tide. But continually informing the public via articles like this in the mainstream is essential. www.IDTheftSecurity.com
Reply to this comment
(4 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET