Be skeptical, savvy with “phishing” e-mails

It wasn't the most sophisticated e-mail message, but it carried hidden dangers.

It wasn’t the most sophisticated e-mail message, but it carried hidden dangers.

Addressed from a local financial institution, with just six lines of text and no pictures, the e-mail that appeared in Valley inboxes last week looked like it was put together by an amateur, but was actually part of a tangled web of Internet scams that originate in far-away countries.

This particular message tells recipients that “You have 1 new ALERT message.” Recipients are asked to follow a link to what looks like an official Web page and give personal information to read the message.

It’s just one of millions of attempts at “phishing,” or fraudulently getting people’s sensitive passwords an information, that take place every day, all around the world. This particular attempt, which has already been shut down by the institution and its cyber-security company, led to computers in Japan, England, and Russia.

The most common type of online fraud, phishing involves criminals sending out e-mails to tens of millions of people. When they get information from gullible people, phishers try to use it to their advantage as fast as possible, before they’re discovered and blocked.

Phishers started with the biggest banks but are now starting to go after smaller institutions.

“I don’t think anyone is immune to being targeted,” said Colleen Haggerty, spokeswoman for Bank of America’s western region.

Some phishers work by copying a financial institution’s web page. If a web browser can read a web page, a phisher can copy it, and there’s no way to prevent copying, aside from “making it so that no-one can see it,” said Jeff Cummins, IT security manager for Sno Falls Credit Union in Snoqualmie.

Phishers are slowed down when financial institutions discover the fake sites and complain to their Internet service providers, who shut them down. When one purporting to be Sno Falls Credit Union was shut down in England, it popped up and had to be dealt with again, this time in Russia.

To avoid being taken in, financial institution customers should always be skeptical of e-mailed requests for their sensitive personal information, such as passwords or PIN numbers.

“We will never ask for personal information,” Haggerty said.

“Any time person data is being requested, it is always suspicious,” said Linda Larion, president and CEO at Sno Falls. “You never want to respond.”

“Why would we ask for that?” she added. “We already have it.”

Bank of America patrons can report suspicious e-mails to abuse@bankofamerica.com.

If you receive a suspicious e-mail regarding Sno Falls Credit Union, report it to abuse@snofalls.com or follow the link at www.snofalls.com.