Friday, October 10, 2008

Financial Scammers on the prowl

As if there isn't enough bad security news lately, the FTP issued a warning to beware of scammers trying to exploit the financial crisis:
Specifically the FTC said it was urging user caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. In many case such emails are only looking to obtain personal information - account numbers, passwords, Social Security numbers - to run up bills or commit other crimes in a consumer's name, the FTC stated.
Your bank will never, never, never ask you to email them your account number, Social Security Number, or other private information. Think about it:
  • Your address? The bank already has it. Duh,
  • Your Social Security Number? The bank already has it. They need it to report to the IRS.
  • Your password? It's their server. Of course they have your password.
There is no information that they need, that they don't have. If there were, they'd send you a letter - via first class mail (to ensure that the mail gets forwarded if you've moved).

Via Slashdot, where there's the Quote of the Day:
I've heard Americans are so broke they are now scamming Nigerians

2 comments:

zeeke42 said...

I know this is an old post (I'm behind on my RSS feeds due to vacation) and a minor point (pedant, me?). The bank shouldn't have your password, they should only have a cryptographic hash of it.

Borepatch said...

That's a good point, Zeke. My original point was that your bank will never need to ask you for your password.