How do scammers know which bank I use?
September 16, 2004 7:50 AM Subscribe
How do scammers who send email claiming to be from my bank and needing my account info know which banks I use? [More Inside]
You know the email: “We are upgrading our system. Please follow this link [to facsimile of actual bank’s site] and confirm your account information to avoid having your account deleted.” I used to just get them from "Citibank" and assumed scammers were playing the odds on that one. But today I got one seeming to be from my fairly small local bank. I got the email at an old college address that the bank does not have on file--and my college is in a state where my bank does not operate. The only connection I can think of between the bank and the college is my student loan payments. The to: field has a slight variant of my address in it (usernames are initials and random numbers), so it looks like this was in fact sent to a computer generated list of possible addresses at the college (like 80% of my spam).
I followed the link this time out of curiosity and was actually redirected to my bank’s real site, which did not solicit my info and actually had a warning about spam scams. I presume my bank had already been tipped off and shut this one down. There was a phone number there to report such scams. I picked up the phone, then got confused and paranoid, then went to the bank’s site in another browser window and confirmed the number, then decided to Ask Metafilter….
You know the email: “We are upgrading our system. Please follow this link [to facsimile of actual bank’s site] and confirm your account information to avoid having your account deleted.” I used to just get them from "Citibank" and assumed scammers were playing the odds on that one. But today I got one seeming to be from my fairly small local bank. I got the email at an old college address that the bank does not have on file--and my college is in a state where my bank does not operate. The only connection I can think of between the bank and the college is my student loan payments. The to: field has a slight variant of my address in it (usernames are initials and random numbers), so it looks like this was in fact sent to a computer generated list of possible addresses at the college (like 80% of my spam).
I followed the link this time out of curiosity and was actually redirected to my bank’s real site, which did not solicit my info and actually had a warning about spam scams. I presume my bank had already been tipped off and shut this one down. There was a phone number there to report such scams. I picked up the phone, then got confused and paranoid, then went to the bank’s site in another browser window and confirmed the number, then decided to Ask Metafilter….
Maybe your student loans records were hacked.
posted by Keyser Soze at 8:08 AM on September 16, 2004
posted by Keyser Soze at 8:08 AM on September 16, 2004
i get those purporting to come from lots of differnt banks, just today from Citizens Bank and a few days ago from Bank One. Are you sure you aren't getting spoof emails from various financial institutions? If I was getting them only from Bank of Kyoto (click for scary look at zeitgeist of Japanese corporate web design), I would certainly be alarmed as well.
posted by planetkyoto at 8:10 AM on September 16, 2004
posted by planetkyoto at 8:10 AM on September 16, 2004
I get 'em from US banks.
I live in Canada.
I've never dealt with a US bank. I'm not interested in dealing with a US bank.
So my vote is: they don't know what bank you bank with, they're just assholes shooting randomly at strangers.
posted by five fresh fish at 8:43 AM on September 16, 2004
I live in Canada.
I've never dealt with a US bank. I'm not interested in dealing with a US bank.
So my vote is: they don't know what bank you bank with, they're just assholes shooting randomly at strangers.
posted by five fresh fish at 8:43 AM on September 16, 2004
I've been getting legitimate emails from my banks for as long as they have had online banking and they have never, ever sent an email wanting me to confirm anything. If they ever need to get a hold of me they call or write snail mail.
Recently they have sent out emails reminding customers that they never send out such requests and when in doubt go directly to the bank's website [don't follow the link] or call them.
In fact, I can't think of any companies that I do business with ask me to update anything via email. If they want to update something they will do so once I've already logged in to the legitimate site.
The spam/scam emails almost always end up in my ISP or my Mac's junk folders. I would also hope my bank has better spelling and grammar skills than most of those spam/scam emails.
posted by birdherder at 8:48 AM on September 16, 2004
Recently they have sent out emails reminding customers that they never send out such requests and when in doubt go directly to the bank's website [don't follow the link] or call them.
In fact, I can't think of any companies that I do business with ask me to update anything via email. If they want to update something they will do so once I've already logged in to the legitimate site.
The spam/scam emails almost always end up in my ISP or my Mac's junk folders. I would also hope my bank has better spelling and grammar skills than most of those spam/scam emails.
posted by birdherder at 8:48 AM on September 16, 2004
Response by poster: Perhaps I'm just a statistical anomaly since I have received such scams purporting to be from only two banks and they both happen to be banks I have accounts with.
posted by shinnin at 9:23 AM on September 16, 2004
posted by shinnin at 9:23 AM on September 16, 2004
Do you visit your local bank's website frequently? If so, is it possible that some kind of spyware has sniffed out your e-mail address and your browsing habits?
posted by Johnny Assay at 9:23 AM on September 16, 2004
posted by Johnny Assay at 9:23 AM on September 16, 2004
(I should add that I've never actually heard of this happening, but it's not inconceivable that it could occur either.)
posted by Johnny Assay at 9:24 AM on September 16, 2004
posted by Johnny Assay at 9:24 AM on September 16, 2004
They don't know which banks you use. I keep getting bogus e-mails claiming to be from Citibank, and I'm not sure I've ever actually been in a Citibank. Ever. I definitely don't have an account there.
posted by oaf at 9:45 AM on September 16, 2004
posted by oaf at 9:45 AM on September 16, 2004
I just got the Citizen's Bank one today...to an email address that I never get spammed on, so I think they may have just gotten lucky guessing my address. I'd agree that you probably just got "lucky". Best thing to do is delete and ignore.
posted by jacobsee at 10:02 AM on September 16, 2004
posted by jacobsee at 10:02 AM on September 16, 2004
Yeah, they're just guessing which bank you use. The only time I've almost fell for it was when I was using ebay to buy some dumb shoes and five minutes later got a "fraud prevention" email.
They had me going for about five seconds, but sure enough, viewing source on the HTML message clearly showed the form action went to some stupid IP address that the phisher was using to scam people.
posted by mathowie at 10:14 AM on September 16, 2004
They had me going for about five seconds, but sure enough, viewing source on the HTML message clearly showed the form action went to some stupid IP address that the phisher was using to scam people.
posted by mathowie at 10:14 AM on September 16, 2004
Slightly off the point, but...
I followed the link this time out of curiosity and was actually redirected to my bank’s real site, which did not solicit my info and actually had a warning about spam scams.
Careful with this, there's a cross site scripting hack that was making the rounds a while ago that would let a scammer
1. Redirect to a Bank's website, and include a bit 'o Javascript with the redirect
2. Once your Bank's real website had loaded, it runs the bit 'o Javascript which uses the DOM to change the action URLs of the forms on the site from your bank's login to the scammers site.
This way it looks like you're submitting that information to your Bank's website, but really you're sending it off to Those Darn Russian Hackers™
posted by alana at 10:23 AM on September 16, 2004
I followed the link this time out of curiosity and was actually redirected to my bank’s real site, which did not solicit my info and actually had a warning about spam scams.
Careful with this, there's a cross site scripting hack that was making the rounds a while ago that would let a scammer
1. Redirect to a Bank's website, and include a bit 'o Javascript with the redirect
2. Once your Bank's real website had loaded, it runs the bit 'o Javascript which uses the DOM to change the action URLs of the forms on the site from your bank's login to the scammers site.
This way it looks like you're submitting that information to your Bank's website, but really you're sending it off to Those Darn Russian Hackers™
posted by alana at 10:23 AM on September 16, 2004
I get them from banks I've never, ever used.
We now own a house in Seattle. We used to own one in Minnesota. I have never gotten so much spam as I did related to my Minnesota property address. Don't know if someone went through a phone book there or tracked it through our mortgage company or realtor, but I haven't owned that house in 3 years and we constantly get mail about YOUR PROPERTY AT OLD MINNEAPOLIS STREET ADDRESS.
Occasionally we get some about remortgaging our property from an earlier address, which was an apartment, so the idea of remortgaging it cracks me up.
posted by GaelFC at 11:52 AM on September 16, 2004
We now own a house in Seattle. We used to own one in Minnesota. I have never gotten so much spam as I did related to my Minnesota property address. Don't know if someone went through a phone book there or tracked it through our mortgage company or realtor, but I haven't owned that house in 3 years and we constantly get mail about YOUR PROPERTY AT OLD MINNEAPOLIS STREET ADDRESS.
Occasionally we get some about remortgaging our property from an earlier address, which was an apartment, so the idea of remortgaging it cracks me up.
posted by GaelFC at 11:52 AM on September 16, 2004
I'd like to mention that the US American "Citizens Bank" is completely NOT the Canadian "CitizensBank" that I have raved about repeatedly.
My CitizensBank is a branch of VanCity (Vancouver City) Credit Union, and is an upstanding, wholly net-only, nice bank. I'm quite certain they don't spam.
posted by five fresh fish at 12:16 PM on September 16, 2004
My CitizensBank is a branch of VanCity (Vancouver City) Credit Union, and is an upstanding, wholly net-only, nice bank. I'm quite certain they don't spam.
posted by five fresh fish at 12:16 PM on September 16, 2004
« Older Why were people in the 1800s smart about... | I've been sick with what I think of as a... Newer »
This thread is closed to new comments.
posted by caddis at 8:04 AM on September 16, 2004