I don't have a Bank of America account...

I don't have a PayPal account ...

And I don't have an AOL account ...

So why did I receive three almost identical pitches today to log-on to my non-existent accounts with my user name and password to unlock or verify my account?

Because some junior criminal/moron in France was using an Internet Phishing kit (c0mplete with corporate logos) to entice me into revealing my log-on information so that they could access and plunder my account.

Even if I had received a response from a financial institution that I did business with, I would be more inclined to yell at their security officer for sending a real notice that could easily be recognizable as a fake.

This is nothing new about such Phishing attempts. They are the simply the Internet version of the "Bank Examiner Scheme."

A well-dressed and mature man shows up (possibly with an equally well-dressed partner) and explains that your bank account has been compromised by someone employed by the bank. They then ask you for your assistance in catching the miserable crook. All you need to do is go to the bank, withdraw your money, let them count and mark the bills and then you can return it to a new account. Should you have fallen for this scam, your life savings would have flown out the window.

Another version has the Bank Examiner calling you on the telephone to tell you that your ATM account has been compromised. They then ask you to call them back at the bank so they are sure that the telephone line is secure. An associate answers the telephone (with a suitable background of banking type noise) and switches you to the Bank examiner who then requests your account number and pin. They end the call by explaining that they will be contacting you the next day. By that time, they would have already used that information to access your account.

So there really is nothing new in the scam. But that does not stop the gullible from giving thieves large amounts of money each and every year.

What can YOU do?

Should you get an e-mail request similar to the above or asking you to log-on to your account. Simply delete it.

Don't bother reporting the attempt to the bank as their security people are already aware of the situation and will simply tell you to forget the matter. I once called and asked for the security officer at a bank to report a new and novel method of accessing accounts -- and I was blown off by the secretary. Too bad she had already provided her name since my next contact was with the bank's regulatory audit team and told them about the problem with the bank being unwilling to respond to a legitimate customer request. Something must have happened as I received an unsolicited call from a bank officer who wanted more details. I blew him off and suggested he speak with the regulatory audit team. This probably accomplished nothing more than irritating the bank's management, but like the purpose of this blog, it sure beats yelling into the wind.

Never provide personal details to any person unless you are seated at a bank official's desk -- and even then ask them for personal (driver's license) and professional (bank issued photo identification card) identification. Makes them crazy, but your cash stays in the bank.

-- steve

Quote of the day: "

Hindsight is always twenty-twenty."       - -Billy Wilder

A reminder from OneCitizenSpeaking.com: a large improvement can result from a small change…

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane. -- Marcus Aurelius