|U.S. Bank Email Scam|
|Netlore Archive: Spam email masquerades as a message from U.S. Bank requesting personal information from its customers. Don't bite!|
Email example contributed by Sam C., 18 Jan. 2004:
Subject: Your account at U.S. Bank has been suspended.
Dear U.S. Bank account holder,
We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties.
Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account.
These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below.
Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below.
Thank you for your time and consideration in this matter.
Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.
Comments: This is yet another email "phishing" scam whereby con artists attempt to trick bank customers into divulging personal information by mimicking official correspondence from a financial institution. A notification on the U.S. Bank home page states: "U.S. Bank will never initiate a request for sensitive information from you via email (ie., Social Security Number, Personal ID, Password, PIN or account number). If you receive an email that requests this type of sensitive information, you should be suspicious of it. We strongly suggest that you do not share your Personal ID, Password, PIN or account number with anyone, under any circumstances."
The U.S. Federal Trade Commission offers these further tips on avoiding being "hooked" by phishing scams:
- If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine.
- Avoid emailing personal and financial information. Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
- Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Report suspicious activity to the FTC. Send the actual spam to firstname.lastname@example.org. If you believe you've been scammed, file your complaint at www.ftc.gov, and then visit the FTC's Identity Theft Web site (www.ftc.gov/idtheft) to learn how to minimize your risk of damage from identity theft.
Sources and further reading:
US Bank - Email Fraud Information and Help
From US Bank's home page
'Spoofing' and 'Phishing' and Stealing Identities
About U.S. Gov Info/Resources
'Phishing' Scams Reel in Your Identity
CNN, 22 July 2003
How Not to Get Hooked by a 'Phishing' Scam
Federal Trade Commission consumer alert
Last updated: 01/19/04