Banking - Online - Fraud** Long post alert**This is a FRAUD ALERT and should be taken VERY SERIOUSLY. If possible, tell others of this phenomenon so that they can protect themselves appropriately.Dear Blogville,
There exists out there a certain crooked individual / group of individuals who are not reading our blogs out of distraction or recreation, or even out of appreciation of our literary skills. He / she / they are reading
your blog to see what tiny piece of
personal information they can steal from it to defraud you.
And I should know… I almost fell victim to their antics!
Some dude (who imagines he’s smart) after reading of my ATM worries on my other blog (see
here and
here) has decided to pester me with e-mail purportedly originating from InterSwitch, the company behind almost all ATM transactions in Nigeria.
Excerpts from the e-mail are reproduced below:
Dear Interswitch Card Holder,During our regularly scheduled account maintenance and verification procedures with affiliated banks, we have detected a slight error in your account information.This might be due to either of the following reasons:1. A recent change in your personal information (i.e. change of address).2. Multiple failed attempts on online shopping websites.3. An inability to accurately verify your selected option of payment due to an internal error within our processors.Please update and verify your information by clicking the link below: (link had been removed by blogmaster for your safety)If your account information is not updated within 48 hours then your ability to access your account will become restricted.Note: Card Number (printed on card issued by bank) and Pin are numeric. Refer to your Debit and/or Cash Cards.Thank you for choosing, InterswitchFurther information at the bottom of the mail listed several possible terminals where I may have unsuccessfully attempted to use my ATM in the recent past. I admit I was curious to see where the link led to but curiousity was definitely not going to kill this cat, no siree! The link, characteristic of fraudulent “phishing” requests
[1], actually leads to a fake Interswitch site that requests your Card Number and PIN.
After getting such a mail, several red flags should pop up instantly in the receipients’ minds. First of all, InterSwitch, being the operators behind the cash cards already possess a database containing all their issued cards alongside each Customer’s PIN which the terminal cross-checks each time you use your card. Asking you therefore to fill in such same information into a vulnerable website is therefore very stupid to say the least.
Second, what actually got all the flags in my head flying at full mast was the fact that I
NEVER use this blog’s e-mail ID for any sort of official matter or correspondence whatsoever.
None of my bank details contains such info so unless InterSwitch employed the services of a particularly strong sorcerer, there’s absolutely
no bloody way they could have known if my real life identity carries an ATM card or not, not to talk of using one. The mail therefore was a randomly-generated one sent after reading my said posts.
Thirdly, a cursory search via Google for InterSwitch’s real website yields several interesting links warning people to the presence of the same said fraudulent site and almost no link to the real McCoy. InterSwitch it seems doesn’t make its URL public - a fact that these spammers are taking full advantage of by posing as them.
The fact that this scam isn’t actually new should have spurred InterSwitch to not only issue strong public statements denouncing the fake e-mails but actually gotten the spammers’ ISP to shut them down. It’s rather scary to think that there’s someone out there who wants to use my card info to login as me and even knows which bank’s terminals I use. In fact the whole thing smacks seriously of an inside job. How many Nigerians actually have the technology to make blank ATM cards which they can later re-program with my card info?
I guess I’m rather lucky but how many more gullible people are going to fall victim before InterSwitch wakes up from their corporate slumber?
Bloggers please beware…Pix: Plastic Cashless. My two currently rather-useless ATM cards. Both aren’t working.
[1] The term “phishing” refers to a process whereby an online trickster (a.k.a. cyber crook) places a link in an e-mail or website which if clicked, directs you to a look-alike of a genuine website that usually requires you logging in with a PIN or password. The phisher’s site database however stores your PIN/password which the crook then uses to log into the real site as
YOU!Imagine if someone were to design a webpage that looks exactly like your Blogspot.com login page. After logging in, the fake site then saves your login info into a database which the phisher uses to log into the real Blogspot.com page as you. Once the hacker is in, the damage he / she could cause to your blog is endless including posting slanderous things, insulting other Bloggers in comments posing as you, change your password (thereby locking you out of your blog) or (God forbid!) even deleting the
WHOLE blog.
Apart from blogging, the most targeted sites for phishing are financial sites like online banks and auctions where the phishers use the stolen PIN info to operate the victims’ accounts transferring the cash inside into their own accounts and running up monumental debts for the real account holders.
Posts
