My wife works for a bank, and she forwarded me a phishing scam for Washington Mutual bank. Besides misspelling the word “customer” as “costomer”, it was pretty convincing for those who don’t know any better. When she sent it to me, I took a look at the page, and this is what Firefox+Google toolbar presented me with:
Everybody needs this! Even those of us who have spent lots and lots of time around the web, this is a good thing. It’s especially good for people like my in-laws and many of my other friends and family.
Besides that, here’s some good information my wife passed along to me:
Having worked for a bank for over 5 years, I will tell you that a little bit of education goes a long way. Never ever EVER give out your pin # to ANYONE!!! Banks will never ask for this information (Other than asking you to enter you own pin # into a machine). Bank employees don’t even have access to your pin #. Your bank would never send you an email asking you to verify your personal information — the bank already has it if they need it.
I recently received an email (I think that it was a bank from Tenessee); When I clicked on the link, it took me to a sign on page. It was really quite clever, you could enter any user ID, and any password. Then, they asked you to verify your bank information. (Including your pin) The other type of phishing email that I have been receiving a lot lately, has been on behalf of phony people from other countries. These people will ask you to reply to their email with your contact info. Then, they will try to get you to cash a fake cashier’s check from them of some ridiculously large amount. They will tell you that your cut is 30% or 40% in some cases. Don’t be fooled by these either.
If you receive an email asking you for any sort of financial information/help know that it is probably a scam, you should delete it at once, or you can forward it to the Federal Trade Commission at spam@uce.gov, or contact them at www.consumer.gov/idtheft or 877.IDTHEFT (877.438.4338).
Bruce
June 20, 2006
There is a catch. AFAIK when you install the Google Toolbar you have to enable PageRank in order to get the Enhanced Safe Browsing feature i.e. send the URLs and “information about the site content” of pages you visit to Google. I suspect this might put of a number of folk, who choose to disable the feature and thus fail to benefit from the Toolbars anti-phishing aspect. A shame that Google feel they have to make this conditional, but as it’s free we can choose to use it or not. I’m not especially paranoid, but as a rule tend to “opt out” whenever I’m presented with such a choice. I guess I do this from a position of being confident (hopefully not overly so) that I won’t get conned in this way. However, for the less “aware” folk the theoretical risk of a privacy breech is likely exceed by the real benefit of anti-phising protection.