Tuesday, December 16, 2008

F R A U D Alert!

Banking - Online - Fraud

** Long post alert**

This is a FRAUD ALERT and should be taken VERY SERIOUSLY. If possible, tell others of this phenomenon so that they can protect themselves appropriately.

Dear Blogville,

There exists out there a certain crooked individual / group of individuals who are not reading our blogs out of distraction or recreation, or even out of appreciation of our literary skills. He / she / they are reading your blog to see what tiny piece of personal information they can steal from it to defraud you.

And I should know… I almost fell victim to their antics!

Some dude (who imagines he’s smart) after reading of my ATM worries on my other blog (see here and here) has decided to pester me with e-mail purportedly originating from InterSwitch, the company behind almost all ATM transactions in Nigeria.

Excerpts from the e-mail are reproduced below:

Dear Interswitch Card Holder,
During our regularly scheduled account maintenance and verification procedures with affiliated banks, we have detected a slight error in your account information.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Multiple failed attempts on online shopping websites.
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.
Please update and verify your information by clicking the link below: (link had been removed by blogmaster for your safety)
If your account information is not updated within 48 hours then your ability to access your account will become restricted.
Note: Card Number (printed on card issued by bank) and Pin are numeric. Refer to your Debit and/or Cash Cards.
Thank you for choosing, Interswitch

Further information at the bottom of the mail listed several possible terminals where I may have unsuccessfully attempted to use my ATM in the recent past. I admit I was curious to see where the link led to but curiosity was definitely not going to kill this cat, no siree! The link, characteristic of fraudulent “phishing” requests [1], actually leads to a fake Interswitch site that requests your Card Number and PIN.

After getting such a mail, several red flags should pop up instantly in the recipients’ minds. First of all, InterSwitch, being the operators behind the cash cards, already possess a database containing all their issued cards alongside each Customer’s PIN, which the terminal cross-checks each time you use your card. Asking you to fill that same information into a vulnerable website is therefore very stupid, to say the least.

Second, what actually got all the flags in my head flying at full mast was the fact that I NEVER use this blog’s e-mail ID for any sort of official matter or correspondence whatsoever. None of my bank details contains such info so unless InterSwitch employed the services of a particularly strong sorcerer, there’s absolutely no bloody way they could have known if my real life identity carries an ATM card or not, not to talk of using one. The mail therefore was a randomly-generated one sent after reading my said posts.

Thirdly, a cursory search via Google for InterSwitch’s real website yields several interesting links warning people of the presence of the same fraudulent site and almost no link to the real McCoy. InterSwitch, it seems, doesn’t make its URL public - a fact that these spammers are taking full advantage of by posing as them.

The fact that this scam isn’t actually new should have spurred InterSwitch not only to issue strong public statements denouncing the fake e-mails but also to get the spammers’ ISP to shut them down. It’s rather scary to think that there’s someone out there who wants to use my card info to login as me and even knows which bank’s terminals I use. In fact the whole thing smacks seriously of an inside job. How many Nigerians actually have the technology to make blank ATM cards which they can later re-program with my card info?

I guess I’m rather lucky but how many more gullible people are going to fall victim before InterSwitch wakes up from their corporate slumber?

Bloggers please beware…

Pix: Plastic Cashless. My two currently rather-useless ATM cards. Both aren’t working.

[1] The term “phishing” refers to a process whereby an online trickster (a.k.a. cyber crook) places a link in an e-mail or website which if clicked, directs you to a look-alike of a genuine website that usually requires you logging in with a PIN or password. The phisher’s site database however stores your PIN/password which the crook then uses to log into the real site as YOU!

Imagine if someone were to design a webpage that looks exactly like your Blogspot.com login page. After you log in, the fake site saves your login info into a database, which the phisher uses to log into the real Blogspot.com page as you. Once the hacker is in, the damage he / she could cause to your blog is endless, including posting slanderous things, insulting other Bloggers in comments posing as you, changing your password (thereby locking you out of your blog) or (God forbid!) even deleting the WHOLE blog.

Apart from blogging, the most targeted sites for phishing are financial sites like online banks and auctions where the phishers use the stolen PIN info to operate the victims’ accounts transferring the cash inside into their own accounts and running up monumental debts for the real account holders.
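
The warning signs described in this post (a link whose real target is not the site it claims to be, a request for Card Number and PIN, and mail arriving at an address the bank was never given) can be checked mechanically. The following Python sketch is an added example, not part of the original post; the sample e-mail, the `.example` hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: wording follows the e-mail quoted in the post; both
# hosts are placeholders on the reserved .example domain, not real sites.
SAMPLE_HTML = """<p>Dear Interswitch Card Holder,</p>
<p>Please update and verify your information by clicking the link below:
<a href="http://login.lookalike.example/update">www.genuine-switch.example</a></p>
<p>Note: Card Number (printed on card issued by bank) and Pin are numeric.</p>"""

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for each <a>, plus all body text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self.in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.in_link = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        self.in_link = self.in_link and tag != "a"  # leave link on </a>
    def handle_data(self, data):
        self.text.append(data)
        if self.in_link:
            self.links[-1][1] += data

def host_of(value):
    """Host of a URL or bare domain name; '' if the text is not URL-like."""
    value = value.strip()
    if not re.match(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", value, re.I):
        return ""
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    return host[4:] if host.startswith("www.") else host

def red_flags(html, recipient, addresses_given_to_bank):
    """Return the warning signs from the post that this message shows."""
    parser = LinkCollector()
    parser.feed(html)
    body = " ".join(parser.text).lower()
    flags = []
    for href, shown in parser.links:
        shown_host, real_host = host_of(shown), host_of(href)
        if shown_host and real_host and shown_host != real_host:
            flags.append(f"link shows {shown_host} but opens {real_host}")
    if "card number" in body and re.search(r"\bpin\b", body):
        flags.append("asks for card number and PIN")
    if recipient.lower() not in addresses_given_to_bank:
        flags.append("sent to an address the bank was never given")
    return flags
```

A link whose visible text is not URL-like (for example "click here") is not flagged by the mismatch check, so the other two checks still matter for such messages.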

9 comments:

  1. Dang!!

    That is serious ooo! I'm glad you didn't fall for it. If someone were to log into my blog and do damage (like delete the entire thing), there is no telling what I'd do.

    Thanks 4 this info.

  2. Thankfully, i use Thunderbird for my personal email client.. and when i click a link it actually shows me what the real URL is... Might actually have fallen for the trick cos one of my cards had gotten blocked cos i'd lost the PIN.....

  3. thanks so much for sharing this love

  4. hahahaha this was really funny. People will do anything to make a dollar. Still pondering at the fact..how could someone use my blog account to send me an email about my credit cards...

    smart one

    *formally Kin'shar

  5. @ Vera: Dang! You're welcome. Just imagine if someone took over my blog and started posing as me and leaving you love letters in your comments!

    @ DB: Gmail also showed me the mail was from an unverified URL and moved it to the Spam box. That's what tipped me off at first. Gmail also sent me links to articles which advise you to disregard sites which send e-mails soliciting for your PIN and other personal info. The problem is how many people actually bother with reading such warnings?
    PS: If someone was looking for a vulnerability in your e-mail client, you just unwittingly told them which one to attack!

    @ Standtall: You're welcome dear. You called me love? Hmm... ask Woomie, I just love mis-interpreting things! Just kidding!

    @ Oyin (formerly Kin'shar): Some bloggers like me put their e-mail addresses on their Profile page. A smart but desperate scammer could read your posts and think up a scheme to tie in with your current financial / romantic / health situations at the moment.
    And we bloggers really do say more than is necessary sometimes...

  6. Guess that's the lack of information literacy that gets to fry us eventually... fundamental mistake from moi... although the beauty of opensource is that either the vulnerability has been very well researched or the antidote is also available... lol

  7. @ DB again: Yeah, you're right. The flaw usually stems from us being gullible - not the software...

  8. yeah ok...I understand. But here's the thing...I don't respond to anyone that I don't know personally...I don't even open, I just delete.

  9. Ah my bloggers are my love na. Thanks for misinterpreting

