Banking and Online Account Scams (AKA “Phishing”)

Verify the Legitimacy of Every Request for Personal Information You Receive

Email addresses can easily be purchased in bulk from direct advertising firms, as well as magazines and other sources. There are companies out there that claim to be able to offer databases with as many as 500 million different email addresses. If you own a Twitter account, you can even purchase up to a million followers too. Padding your social media sites has become a big business.

Scammers take advantage of the availability of these lists by purchasing them for their own use. When you are victimized by fraud, you are generally entitled to receive a refund or, in certain circumstances, apply for a chargeback.

The typical banking and online scam begins when you get an email with the logo of your bank, credit card company or a major online merchant announcing, for example, that for security reasons you are being asked to re-confirm your account information. A link is provided. You click and reach an online form, again with the same official logo, which asks you for your name, address, account number, password or PIN number (whichever one is relevant), and perhaps a few additional bits of information. You fill out the form and click “Submit.”

Individuals and Corporations Are Both Targeted

If you think that a scam like this would stay clear of the largest and most secure corporations associated with the internet, then think again. From (at least) 2013 to (at least) 2015, Google and Facebook employees were targeted in an elaborate international phishing attack, which tricked them into sending an estimated $100 million to an overseas banking account. In March 2017, at the request of U.S. authorities, a Lithuanian citizen was arrested at his home by police in that Baltic country. He was extradited to the U.S. five months later to stand trial for allegedly impersonating a Taiwanese electronics manufacturer that provides equipment to both Google and Facebook in order to send massive numbers of these fraudulent emails to employees of those companies. He is charged wire fraud, money laundering and aggravated identity theft.

The scam was first uncovered by Google itself, which contacted authorities. Both Google and Facebook claim that they have since recovered most of the funds lost by their staff. But large corporations are not only victimized. They potentially can also inadvertently create the problem itself.

Equifax, one of the three largest consumer credit reporting agencies in the world, which collects and aggregates information on over hundreds of millions of individuals consumers and businesses around the globe, was victimized in 2017 by a large-scale security breach. To reassure consumers, it set up a separate website to allow them to access their credit records. Shortly thereafter, a cybersecurity researcher cloned that site, proving that scammers could do the very same thing to enabling them to the passwords and personal information of victimized consumers a second time.

Exercise Caution

By every standard – technology, content, graphic design, and psychology − phishing is a very sophisticated scam. If you receive an email with your bank’s logo that informs you that you should reconfirm your password due to a security threat, your immediate reaction will be to assure your online security and comply with the request.

But here’s a general rule: First verify the legitimacy of every request for personal information that you receive. You can do this in several ways:

  • Call or write the bank, credit card company or other financial institution that ostensibly is asking you to respond
  • Surf the internet for phishing warnings using keywords from the same text
  • Check the latest phishing warnings on the website of a government cybersecurity agency, such as the U.S. Computer Emergency Readiness Team
  • Consider purchasing anti-phishing computer software

If you think you have been victimized by a banking or online account scam such as phishing, consult with our fund recovery experts at MyChargeBack