Combating ID Theft

Identity Theft is a growing crime that affects many hundreds of thousands of citizens each year. How can you help protect yourself from this serious crime and its devastating effects? The Federal Trade Commission is a terrific resource and reporting center for Identity Theft and other Consumer Fraud.

We invite you to visit the Federal Trade Commission’s web pages on "Identity Theft" and "Phishing".

What is phishing? It is one of the newest methods thieves are using to dupe people into providing their non-public personal information. Please read on!

Phishing: http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm

Identity Theft: http://www.ftc.gov/bcp/edu/microsites/idtheft/

This phishing report was sent to us by one of our vendors. We hope you find it useful and informative:

Phishing for your personal information – IDENTITY THEFT
By John A. Williams, Chairman
Computer Services, Inc.

Over the past few weeks I have received emails that appeared to be from U.S. Bank; eBay; Citibank; PayPal; and Wells Fargo. All wanted me to update personal information on a web site. The one common denominator in all these emails is that I do not have an account with any of these organizations. All were obviously fraudulent. The press is calling such emails PHISHING.

The content varied:

  • "during our regular update and verification of the Internet Banking Accounts...please update and verify your information..."
  • "In an effort to protect your _____ account from future fraudulent activities..."
  • "we wish to inform you that we are upgrading our database servers and need to update your information..."
  • "We recently noticed one or more attempts to log in to your ____ account from a foreign IP address...."
  • "As a technical service of _____ we have been updating our software..."
  • "In order to service you better and combat fraud...."
  • "...during our regular verification of accounts, we couldn’t verify your current information..."
  • "...enter your ATM/Debit card number and the PIN that you use on the ATM."
  • "We regret to inform you, that we had to block your _______ account because we have been notified that your account may have been compromised by outside parties. Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account. These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below:"

Each of the above statements is followed by www or URL links to web sites which are almost certainly controlled by the thieves. If you have not received any of these emails, then hopefully this article will enlighten you as to the devious methods at work.

Do the words used imply that a gun is in your face to obtain your personal information? Do the words imply a helpful service to protect you or to steal your identity? How would your employees or customers respond if your bank name and even your logo were on one of these emails?

Gartner, Inc., the leading provider of research and analysis on the global IT industry, reported in April that almost a million Americans have been defrauded with such emails. And there has been a recent acceleration in this type fraud to obtain your identity.

It would be appropriate for all bankers to educate employees of this threat. If you use broadcast email to customers, then some form of protection would be in order, such as using a statement stuffer advising customers to expect an email campaign from your bank.

Some are suggesting that the process of phishing is destroying customer confidence in email, but this certainly need not be the case. For those situations such as the distribution of bank statements and legal documents, there are products available that include additional security and provide full protection. But to assume that you need to use this type of email process for all email would be tragic.

Education can go a long way to reduce the threat of phishing and protect email as the fast, inexpensive form of communication on which we’ve come to depend. Please become informed on this very real danger and keep your employees and your customers informed as well.