October 9, 2008

Cyberscams Exploit Consumers’ Fears

By Jon Swartz

SAN FRANCISCO -- The rippling financial crisis has sent consumers scurrying to the Internet for answers and advice. Online fraudsters are right behind, devising ways to steal personal information.

Cybercrooks are creating fake websites, spam, phishing attacks and malicious software code to take advantage of anxiety during the economic calamity. Like other extraordinary news events, the crisis has heightened fears and made people desperate for information, say computer-security experts.

"It's a new spin on old tactics," says Andre Gold, an independent security consultant who formerly was head of information security and risk management at ING.

*Spam and phishing. Most of the scams center on spam and phishing against the backdrop of bank failures, mergers and takeovers. Current and former customers of JPMorgan Chase and Washington Mutual are being inundated with phishing attempts as Chase navigates an acquisition of Washington Mutual.

One example is an e-mail that appears to come from Chase. It asks customers to go to what is purportedly a Chase website, but is a fake, and provide personal information, such as user ID, password, name, address, phone number and Chase credit card number.

Phishing attacks on Citigroup soared shortly after it announced its intention last month to acquire struggling Wachovia, according to Internet researcher Netcraft.

*Fake websites. Many of the phishing attacks advise bank customers to follow links for websites and update their personal data. The sites are fakes, designed to trick victims into divulging their user name, password and more.

Citigroup and Wachovia customers are among the targets, says Ori Eisen, chief innovation officer at The 41st Parameter, an anti-online-fraud vendor and former anti-fraud director at American Express.

"People's life savings are at risk," says Andy Klein, an e-mail expert at security vendor SonicWall. "Many are especially antsy because they haven't heard from their merged banks yet."

*Targeted malware attacks. Concern about targeted cyberattacks was a major topic among representatives of leading U.K. banks at a London conference this month, says Eisen, who attended.

Financial institutions such as Bank of America post information on their websites about the perils of suspicious e-mail and other online fraud. WaMu's website has a big banner with info on its merger with Chase. (c) Copyright 2008 USA TODAY, a division of Gannett Co. Inc. <>