Friday, October 10, 2008

Financial Scammers on the prowl

As if there isn't enough bad security news lately, the FTP issued a warning to beware of scammers trying to exploit the financial crisis:
Specifically the FTC said it was urging user caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. In many case such emails are only looking to obtain personal information - account numbers, passwords, Social Security numbers - to run up bills or commit other crimes in a consumer's name, the FTC stated.
Your bank will never, never, never ask you to email them your account number, Social Security Number, or other private information. Think about it:
  • Your address? The bank already has it. Duh,
  • Your Social Security Number? The bank already has it. They need it to report to the IRS.
  • Your password? It's their server. Of course they have your password.
There is no information that they need, that they don't have. If there were, they'd send you a letter - via first class mail (to ensure that the mail gets forwarded if you've moved).

Via Slashdot, where there's the Quote of the Day:
I've heard Americans are so broke they are now scamming Nigerians

2 comments:

  1. zeeke42October 31, 2008 at 3:07 PM

    I know this is an old post (I'm behind on my RSS feeds due to vacation) and a minor point (pedant, me?). The bank shouldn't have your password, they should only have a cryptographic hash of it.

    ReplyDelete
  2. BorepatchOctober 31, 2008 at 4:37 PM

    That's a good point, Zeke. My original point was that your bank will never need to ask you for your password.

    ReplyDelete

Remember your manners when you post. Anonymous comments are not allowed because of the plague of spam comments.