Gone phishing: Internet has `opened up a world of fraud'

It's always `phishing' season for Internet savvy fraudsters, and e-mail users are being warned not to get hooked. The Financial Consumer Agency of Canada (FCAC) says phishing involves emails where fraud artists pretend to represent banks and request private information, which thieves then use to access accounts. E-mails received recently by Halton area Metroland newspapers, including The Independent & Free Press, informed the recipients their Royal Bank accounts had a problem and requested that any password changes be reported. The e-mails included the bank's logo. "Financial institutions never send emails like this," said Martine Belanger, a spokesperson for the FCAC. "They don't contact their clients by e-mail or ask for personal information by e-mail." "RBC employees are never authorized to ask those questions," said Beja Rodeck, RBC Royal Bank's director of media and public relations. Rodeck advises customers never to share their online banking password or any personal identification. In the e-mails sent to the newspapers, the link for verifying account activity has since been closed. Rodeck said the bank works with enforcement agencies to shut down phishing links once they are detected. But phishing expeditions are unpredictable and can't be prevented, she said. "All banks get these e-mails and many organizations face this type of problem. Basically, these things have been around for a couple of years," said Rodeck. "We're doing a lot of work to educate customers about fraudulent e-mails. We have information in our branches." She said if a client's information is compromised through no fault of their own, they will be reimbursed for any losses. Rodeck said customers can go directly to their bank branches if they're notified of problems or asked to provide information. RBC Royal Bank has a fraud line for customer inquiries at 1-800-769-2555. Belanger said anyone who receives one of these phishing emails should never respond to it. "You must refrain from clicking on any links or calling any number in the e-mail because you could be directed to a phony website. They might have some software that enables them to place some type of "cookie" or virus on your private computer that could retrieve some personal information from your computer," said Belanger. Detective Rob Lloyd, who heads the Halton Regional Police Fraud Bureau in north Halton, said these phishing e-mails are so common that local police don't even investigate them. Phishing scams are investigated by the OPP and RCMP, because they have the international resources they can use. Lloyd urges e-mail users to ignore these types of e-mails, and delete them. OPP and RCMP Det. Sgt. Joe Barker said those sending phony e-mails are very good at copying company logos and making their requests seem legitimate. He recalls previous phishing attempts aimed at bank accounts of RBC Royal Bank and CIBC customers. "The Internet has opened up a world of fraud," said Barker. "People need to act extremely cautiously when dealing with anything over the Internet." Barker advises against doing business over the Internet or the phone when it involves personal accounts. Requests by mail should also be double-checked, said the sergeant. "Before you give information to anyone, confirm they are legitimate," he said. "I'm constantly amazed at people who turn over information without second guessing it." Barker said, when informed of a problem with their account, customers should handle it in person. "Go into the branch and speak to the manager in the bank," said Barker. "Don't meet anyone in parking lots or restaurants." He added customers should call or visit their local bank branch instead of phoning the number on the letterhead of correspondence sent to them. Barker said mass e-mails can be sent, even to non-customers of the banks, in the hopes that a few consumers will be tricked. He said he's not sure where the latest phishing scam originated because they are usually bounced through three or four locations. The FCAC is also warning of a new scam called vishing, a new twist on fraud using telephone systems (short for voice phishing) that mimic eBay or PayPal and direct targets to a false customer support phone number or they call consumers directly and inform them of account `problems'. Vishing hooks consumers using two different approaches. The e-mail based version of the scam uses e-mails that mimic messages from an online payment service provider and provides them with a false customer-support telephone number. When consumers call, automated service prompts them to "log in" by providing account numbers and passwords, using the telephone keypad. Consumers may also receive direct calls at home, or messages left on their answering machine warning that their account may be at risk and suggesting they call customer support immediately. Fraud artists may even try to gain consumers trust by confirming personal information they have on file, such as the clients' full name, address or credit card number.