ITSD Computing and Communications Services News
August, 2004
 

Lab Corporate Cardholders Beware of Phishing: Don’t Take the Bait

“Phishing” attacks use spoofed emails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, usernames and passwords. Cyber criminals hijack the logos and content styles of well-known banks (US Bank, Wells Fargo, Citi), online retailers and credit card companies. Phishing attacks are growing quickly in number and sophistication.

The latest phishing wave to hit the Lab involves US Bank, which the Lab uses for corporate credit cards. If you are a corporate cardholder and have received an email that appears to have been sent by US Bank, don’t take the bait. These phishing emails are being sent at random using a spam list that also includes individuals who do not even have bank accounts. US Bank does not have Lab employees’ email addresses.

The messages look authentic and claim that the listed phone number is answered by “Cardmember Services.” If you call, the recorded message asks you to immediately enter your 16-digit account number. Don't do it!

If you provide your account information or click on the spoof link embedded in the email, you may allow cyber criminals to access your account through online banking and set up false bill payments that send checks to a conspirator. In other cases, criminals transfer funds from all available customer accounts, including credit cards, savings accounts and home equity loans into their own checking account. A copy of the customer's credit card or check card is then used with their PIN at ATMs around the world to withdraw cash.

What should you do?

  1. Beware of the signs: To increase the number of responses, cyber criminals include upsetting or exciting statements that pressure people to react immediately and respond with the desired information without thinking.
  2. Never give out your account number or other personal data to someone who contacts you.
  3. Do not reply under any circumstance.
  4. Do not click on the link in the email. (This link leads to a spoof website, which could subject you to unwanted background installations of key logging software or viruses.)
  5. Call the Help Desk (x4357) if you receive any phishmail.

For additional instructions, see the US Bank memo that is posted on the Travel Services website. More information on phishing is available on the Anti-Phishing Working Group website.