Scammers bid for $1M multibank haul, launch new "prizewinners" con
A huge new wave of bank-related phishing scams is sweeping through North America and Europe, claiming thousands of victims.
Mostly, the scams are the familiar sort where victims get an email or phone message, with a link to a bogus website where they're asked to provide personal financial details.
What is unusual is the scale of the outbreak, with scores of local communities being targeted, all within the past couple of weeks. It's not known if the individual attacks are connected with each other.
In one case, scammers are trying a new multi-bank approach that experts fear could lead to a massive haul of stolen identities and financial losses of over $1M.
We also have news of two new prizewinner-type cons, a scam to trick people into paying for making benefits claims, and the story of the hoaxer who claimed he was Frank Sinatra's grandson!
1. Phishing scam #1: "Casino Rewards" could rake in $1m
The scam: A new bogus email offering a $100,000-limit credit card and a whole range of potential prizes could become the world's first million dollar phishing scam, say Internet security experts.
Unlike earlier phishing emails that claim to be from a specific bank or card company, the new one, pretending to be on behalf of a "Casino Rewards" program, carries a drop-down list of financial institutions.
It's a colorful email, illustrated with images of Vegas hotels, and claims "Casino Rewards" is being run jointly by Visa, MasterCard and Amex. Victims are invited to select their existing credit card company from the drop-down list of 12 card providers.
A link takes them to a phony page that looks like their genuine card company website, where they're asked to key in their username and password.
Since a normal single-card phishing operation usually nets about $100,000, this multibank approach could bring in more than a million, say Internet intelligence experts Envisional.
The solution: Despite all previous warnings, people still fall for this well-known con. In this case, says Envisional, victims are especially comforted to see the familiar 'big three' credit card symbols. And because these organizations operate internationally, victims are being targeted across the world.
There is only one sure way to avoid this fraud: Never click on an email link for any financial organization. If the offer interests you, find the bank's real website address and go there independently. And of course, as we always say, "if it's spam, it's a scam."
2. Phishing scams #2: UK attacks leap 180%
The scams: APACS, the UK trade association for banks and others involved in money transfers, announces that emails that phish for people's personal financial details jumped by 180% in the first six months of this year.
In the same period last year, there were 7,200 different attacks. This year, the number was 20,600. The news comes at a time when the number of people using online banking in the country rocketed by 500%. So APACS fears the number of phishing scams will continue to rise.
The solution: In addition to the advice in the previous item, APACS also points out that phishers often don't know their victims' names, so their emails often begin with a giveaway like "Dear valued customer."
3. Phishing scams #3: Phone messages target US communities
The scam: In multiple US locations, victims receive a computer-generated voice message, on both cell and home phones seemingly from a local bank.
The call tells victims their debit card or bank account has been suspended or some other action is needed, and to phone a toll free 800 number, where personal financial information is requested.
Using genuine bank names, calls go out to thousands of people, including in Bedford, IN (Stone City Bank), New London, CT (Charter Oak Federal Credit Union), and Wisconsin Rapids, WI (Bull's Eye Credit Union), and to many other locations (using nationwide names like Citibank Online and Wells Fargo Online).
Solution: The scale of this current outbreak is alarming. Banks just do not communicate with customers on such critical issues in this way. Even if they did, they wouldn't use recorded messages. It would a personal call.
Anyone who receives a call like this should call the bank on their regular phonebook number. If you're already a victim, contact your bank immediately.
4. Phishing scam #4: State department name used in tax con
The scam: We wrote last week about a new tax scam outbreak where phishing emails claim to be from the IRS. Well, just to add to our warning -- similar emails appear this past week, purporting to be from a state's Department of Taxation.
The Hawaii Department of Taxation reports several cases where emails claiming to be from the department tell victims they're entitled to a refund. It asks for debit card information so the refund can supposedly be deposited directly to the recipient's bank account.
The solution: The only place where, for tax purposes, you may provide bank details (at your discretion) is on your annual tax return. Neither the IRS nor individual taxation department seek this information via email.
5. Don't pay for benefits claim
The scam: Websites offer to help with unemployment insurance claims for Missourians who've lost their jobs and are eligible for benefits for 26 weeks. Some sites offer the service for a fee, when the state of Missouri actually processes claims for free. Others ask for personal financial details, which suggests a phishing attempt.
The solution: Most state and federal benefit services do not require fees. In all cases, always deal directly with the relevant department. If anyone does offer to provide a service that supposedly speeds up the process or makes it easier, check out their credentials with the state department concerned.
6. Prizewinner scam #1: "Shoppers Sweepstakes" letter
The scam: Williamson County, IL, residents receive a letter saying they've won $250,000 in the "Shoppers Sweepstakes" but it's the well-known Nigerian lottery scam.
The scammers send a check to "winners" for $3,000 as an initial payment, asking them to forward part of this as a money order to cover processing of the win. The check is a dud but this is not usually discovered until after the victim sends the money order payment.
The solution: Legitimate competition organizers don't charge winners for prizes. Never send money to collect a prize. It's always a scam.
7. Prizewinner scam #2: Don't shell out your bank details
The scam: SMS text messages flood cell phones in Petaling Jaya, Malaysia. They tell owners they've won a competition run by Shell Malaysia, and to transmit their bank account number to the sender. The competition is genuine but the award notification is not.
The solution: This scam relies on the fact that most people in a relatively small community entered the competition when they gassed up their cars, so they weren't too suspicious about the notification. However, the request for bank account details should have set alarm bells ringing. Never give out such details.
8. He did it his way -- and look what happened
The scam: Claiming to be the grandson of Frank Sinatra, a con artist hangs out around expensive hotels in the Austin, TX, area. Smartly dressed, he carefully selects victims, strikes up a conversation to win their confidence and then borrows money from them. Not just small amounts either -- in one case a victim parted with $300,000.
The solution: The golden rule for all confidence tricks is to never accept somebody's identity or even what they say their job is, just at face value. And don't accept anything they give or show you as proof.
In this case, the scammer, who also tried his con in Florida and Vegas, is said to have borne some resemblance to ol' blue eyes. But when it came to earning money, he certainly didn't do it Frank's way!
That's it for our scam headlines roundup this week. Watch out for those phishing bids which, like all the scams we report on here each week, could be headed your way next. And when you see the next Sinatra look-alike, best to keep your hands on your wallet!