Friday, May 13, 2005

America First sets a hook for phishers

deseretnews.com - America First Credit Union has declared open season on "phishers." Phishing, a term used to describe e-mail schemes designed to obtain personal, financial and other information for fraudulent use, is a rapidly increasing problem for Internet users and businesses.
On Wednesday, America First announced the creation of a new "Anti-Phishing Team," comprising representatives of the credit union's security, network systems, electronic support and services, audit, call center, marketing and executive divisions. Their charge, according to America First senior vice president of electronic services Rich Syme, is to improve monitoring of suspicious activity, develop additional identity verification controls, assist credit union members who believe they have been victimized or solicited via "phishing" schemes, and improve alerting procedures so that members know about these schemes faster.
"That's really the key to solving this problem, education," Syme said. "People need to know not to give their account information. A legitimate financial institution will never solicit a depositor's or member's account number, PIN number or Visa card number. There would be no reason for us to send an e-mail to someone, saying 'We don't know your account number. Can you help us?'"
However, that's just what's happening, and with greater frequency, according to the latest report from the Anti-Phishing Working Group, a Massachusetts-based organization comprising business and law enforcement agencies worldwide. APWG reported that the average monthly growth rate in phishing sites increased 28 percent from July 2004 through March 2005, and that the financial services sector is the most-targeted industry for phishing attacks. Financial services averaged 81 percent of all "hijacked brands" in March 2005, the latest monthly data available.
And, according to the APWG's report, "In this (financial services) category, phishing attacks have been reported against community banks and credit unions in addition to well-known institutions with global brands."
Syme said the number of reported phishing schemes has "remained consistent" at America First. To address the issue, the credit union established an e-mail address to which members and others may report suspected phishing activity. All messages sent to that address will be referred to security, network and support teams and, when appropriate, the Utah Cybercrimes Task Force. Senders also will receive information back from America First about what to do if they feel their personal information has been compromised.
America First is the latest financial institution to announce tougher measures, but it isn't the only one. Most banks and credit unions provide information, warnings and methods to report phishing schemes or other fraud.
Robert Brough, spokesman for Salt Lake-based Zions Bank, said Zions has a team in place "whose sole responsibility it is to protect the bank and its customers against criminals."
"We're certainly seeing that the criminals are getting smarter, using different methods to try to perpetrate their crimes," Brough said. "As a result, it behooves us as a financial institution to make sure we have the security measures in place to protect ourself. And, it also behooves the customer to know what's going on in their account."
Zions agrees that it will not ask customers via e-mail or by phone for personal or financial information. In fact, Brough said, "If you get e-mail or other correspondence, or if someone calls you on the telephone and you don't know who it is you're talking to, take whatever steps you need to to verify. Talk to your local branch manager, or call customer service. If there's a real problem, these people will know about it.
"Unless you initiated the call or contact, or unless you're certain who you're dealing with, you should not respond" to e-mail or other communication purportedly from your financial institution requesting personal or financial information, Brough said.
Wells Fargo Bank, at www.wellsfargo.com, provides safety tips and copies of recently reported phishing e-mails so customers can compare. The most recent, reported April 19, warns of possible "account theft" and requests account and Social Security numbers.

No comments: