One week ago, University senior Kate Sullivan received an unusual e-mail from her bank, Oregon Community Credit Union. The e-mail said there had been multiple attempts to log into her account from a foreign IP address, and said she should log on herself to check for any irregular transactions.
Sullivan checked it out. She thought it was probably nothing.
“I didn’t really think anything much of the e-mail when I responded to it,” she said.
Not until three days later did Sullivan realize the error of her ways. She logged on again Thursday, only to find that several large transactions in California (where she hadn’t been) had drained more than $1,000 from her account.
Sullivan was a victim of identity theft.
“I was definitely freaking out. I didn’t know what had happened,” she said. “I also didn’t know what was going to happen with the money that was lost. That was scary.”
Sullivan was one of at least eight Oregon Community Credit Union customers victimized last week by the fraudulent e-mail, a “phishing” scam designed to prompt people to unknowingly give their personal account information to the wrong source, said OCCU Director of Marketing Laura Illig.
“They’re basically fishing for your information,” Illig said, who added that even a small credit union like OCCU can get as many as four such scams per year.
Andre Chinn, coordinator of instructional technology in the University’s journalism school, who received the initial message, traced the e-mail to a server in Mexico after copying the link into a separate window. The link’s Web address ended in “.mx” instead of “.com” or “.org,” which tipped him off to the location, Chinn said.
Chinn responded Monday by sending out a warning e-mail to University faculty and students in the University’s School of Journalism and Communication.
“I was actually already a bit sensitive to the issue, because a member of our faculty had already received a similar phishing e-mail from Amazon.com,” he said.
Chinn said he typically receives one or two such e-mails pretending to be from various companies each week, though this was the first he had seen from OCCU.
“From what I understand, phishing is becoming a more common tactic than spam e-mail,” Chinn said. “At least that seems to be the trend.”
It is a problem that banks are constantly working to counter, Illig said.
“It’s not just us. It’s unfortunately a national thing,” Illig said. “The criminals keep getting better at it, so we have to work to stay one step ahead of them.”
To do so, many banks, including OCCU, employ a department whose sole purpose is to investigate and detect fraud.
For Sullivan, the situation ended well. She rushed to her bank Thursday upon learning of the fraud, and OCCU quickly restored her funds and gave her new information to prevent further scam, she said.
“They were really good about it,” Sullivan said. “I got a new account and I got a new debit card right there.”
Though the phishing problem is fairly common among banks, Illig said, this particular effort was more sophisticated than most. While many don’t prompt any responses at all, the authentic look of last week’s scam caused more people to respond to it, Illig said.
“It looked like a real e-mail from the bank,” Sullivan said. “It had the logo and everything.”
There are several ways that people can protect themselves from identity theft and fraud. For those who bank at OCCU, Illig said it is important to remember that the bank never sends out an e-mail requesting personal information. It will always call. Anyone who receives such an e-mail should call the bank first to confirm it, Illig said.
People should also be wary of giving out personal information, and frequently check their own accounts for irregular activity, Illig said.
Chinn said people can check a link’s legitimacy by simply copying and pasting it into another window, rather than clicking on it.
Sullivan said her experience will change the way she takes care of her information, after a mistake that nearly cost her all her assets.
“You have to be extra careful with stuff like that, because people will take advantage of you,” she said. “I’ve definitely learned my lesson.”
Contact the business, science and technology reporter at [email protected]
E-mail scam deceives local bank’s clients
Daily Emerald
March 11, 2007
More to Discover