Thread: Phishing
Old 08-30-2005, 08:29 PM
DeathTöngue
Moderators
APFFN Moderator
 
Join Date: Dec 2003
Posts: 2,511
Phishing

Most of us probably know what this is, but I figure I'll share for the possible 5% that don't.

I've been getting a number of emails lately that seem to come from Bank of the West, asking me to log into their site and update my personal information. Here's a sample:

Dear Bank of the West Customer,
During our regular update and verification of the Internet Banking
Accounts, we could not verify your current information. Either
your information has been changed or incomplete, as a result your
access to use our services has been limited. Please update your
information.

To update your account information and start using our services
please click on the link below:
(Link Deleted)

Note: Requests for information will be initiated by Bank of the West
Business Development; this process cannot be externally requested
through Customer Support.

Sincerely,
Bank of the West
Security Department.


Huh. Odd, because I don't have an account there. Further examination reveals that the link provided is to a host in Spain, which is really odd, because California banks must, by law, be based in California. Looking at the headers shows me that it went through mail relays in Japan, Russia, and a couple other exotic places. Even funnier, none of those servers had "bankofthewest.com" in their URLs.

I've had about nineteen of these in the last three days. No, Bank of the West has nothing to do with it; it's a phishing scam, and what they want to do is fool people into sharing enough information to clean out your bank account, apply for credit cards in your name, and any number of other awful things.

Anybody else getting buried with this stuff? Phishing has increased enormously, and cost about $400,000,000 last year - and if you're naive enough to click the link, you may find that your PC becomes compromised, as well, even if you don't fill out your information. The sites have become very sophisticated, and will look just like the real bank site. This particular bunch is easy to spot, because they did not use HTML redirects to conceal their servers, but many of these guys are much smarter. Up to 5% of computer users are fooled.

If you are taken in, you will not recover your money. The bank is not responsible, and law enforcement has not demonstrated any real talent in this area, either. It will create problems with your credit rating that can take years to clear up, and can just generally make life hell.

It is a good idea to forward such emails to the financial institution they're mimicking, to the FBI, and to abuse@ whatever URLs show up in the headers. No real financial institution will ask for this information via email.
__________________
Activist != Expert.
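
The checks described in the post above (comparing the link host and the relay hostnames in the headers with the domain the mail claims to come from), as an added example that is not part of the original post. The sample message, its hostnames and the helper names `under` and `audit` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample message; every hostname uses a reserved example TLD.
SAMPLE = """\
Received: from relay2.mailhost.test (relay2.mailhost.test [192.0.2.20])
\tby mx.recipient.example; Tue, 30 Aug 2005 20:10:02 -0700
Received: from unknown.dialup.invalid (unknown.dialup.invalid [198.51.100.7])
\tby relay2.mailhost.test; Tue, 30 Aug 2005 20:09:58 -0700
From: "Bank Security Department" <security@bank.example>
Subject: Please update your information
Content-Type: text/html

<p>To update your account information please click on the link below:</p>
<a href="http://bank.example.accounts.webhost.test/update">https://www.bank.example/login</a>
"""

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def audit(raw):
    """Return (claimed_domain, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    # Received headers, newest first. The "from" name is supplied by the
    # sending side and banks do use outside mailers, so this is only a hint.
    for hop in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", hop)
        if m and not under(m.group(1), claimed):
            findings.append(("relay", m.group(1)))
    # Links: compare the real href host, not the text shown to the reader.
    for href in re.findall(r'href\s*=\s*["\']([^"\']+)', msg.get_payload(), re.I):
        host = urlsplit(href).hostname or ""
        if not under(host, claimed):
            findings.append(("link", host))
    return claimed, findings

if __name__ == "__main__":
    domain, found = audit(SAMPLE)
    print("claimed sender domain:", domain)
    for kind, host in found:
        print(f"  {kind} outside {domain}: {host}")
```

The suffix match in `under` is what catches a link host that merely starts with the bank's name, which a plain substring search for the domain would pass.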