Late last week SonicWALL, Inc., a leading secure network infrastructure company, saw the first phishing threat to hit inboxes related to the banking-related crisis. The first threat targeted at Washington Mutual and Chase Manhattan online banking customers asks customers to verify their personal information using a dummy Chase website. If you are a Chase Manhattan or Washington Mutual customer and receive this type of email, you may be the victim of a phishing attack. Do not click on the link in the email and contact your bank mmediately.
"We continuously monitor spam and phishing feeds for new threats. Given that scammers will often take advantage of topical subjects, we expected to see the recent banking industry shuffling generate phishing and other threat related emails. The Chase Manhattan phishing email hitting banking customer inboxes is a prime example," said Andy Klein, Sr. Product Manager, SonicWALL.
"The merger and acquisition activities of Bank of America, Wachovia, Chase Manhattan, Washington Mutual and other banking institutions create an environment of confusion and inconsistency that scammers thrive upon. Banking customers will see a series of phishing emails asking for personal and financial details over the coming months and it is imperative to stay alert during this period of uncertainty."
With the rapid nature of the merger and acquisition activity in the financial sector that happened over the last few weeks and the lack of communication between financial institutions and their customers, phishers and hackers have an ideal opportunity to prey on uninformed banking customers. Information phishers seek varies -- anything from credit card information to account login info, to identity information.
It can vary from attack to attack. In all cases, the phishing email will always direct the customer to a web site that looks like the real thing, but is not. Usually it is the "log in" page for that site. When someone enters their information it is usually sent to a "blind drop" -- another system somewhere whose purpose is to collect the information. The phisher will check the blind drop or at intervals will have the blind drop send the information to the phisher. The idea is to put as much distance between the phish and the phisher as possible.
As a precautionary measure, Andy Klein has outlined eight steps that banking customers could take to help further defend against these types of phishing-related security threats:
- Be aware that phishing exists.
- Improve your phishing IQ. SonicWALL has put together the phishing IQ test specifically to test your phishing knowledge. Go to: http://www.sonicwall.com/phishing/
- Understand how your bank communicates with you -- e-newsletter once a month, etc.
- Assume that email that either directly asks or indirectly asks for your account, financial, or identity information is not good.
- If you do online banking, always type in the bank URL into your browser or set up a "favorite", don't click on a link in an email.
- If you have a question about an email, contact the bank using the phone number written down on the MAIL they sent you -- don't trust the phone number in the email.
- Check your credit card statements for incorrect expenses.
- If you suspect that you were phished, contact your bank immediately.
For more information on the topic of phishing and other related threats, click here
About SonicWALL, Inc.
SonicWALL is committed to improving the performance and productivity of businesses of all sizes by engineering the cost and complexity out of running a secure network. Over one million SonicWALL appliances have been shipped through its global network of ten thousand channel partners to keep tens of millions of worldwide business computer users safe and in control of their data. SonicWALL's award-winning solutions include network security, secure remote access, content security, backup and recovery, and policy and management technology. For more information, visit the company web site at http://www.sonicwall.com/ |
