Online crooks and scam artists are proving that the most effective way to get would-be victims to give up their private information and account details is to convince the victims that they need watch out for people trying to steal their account details.
If it sounds a little redundant, that's the point, according to the security firm Trusteer. The devious beauty of these types of phishing scams is that the victims are essentially welcoming in the enemy, believing that he is there to get rid of the problem, when in fact he is the problem.
These phishing scams, in which the recipient is told his bank account has been "locked," or that he's made an "unauthorized transaction" and must now submit all his personal information in order to "unlock" the account or "verify" his identity, have been around for a long time. And there's a reason: They work.
Cybercrooks, Trusteer's Amit Klein explained, favor these social engineering attacks because they play directly into the victim's fear, especially the scams that promote themselves as "enhanced" security features, such as two-factor authentication, from the recipient's bank.
In one example, Trusteer found a phishing email that told the banking customer, "We locked your account beacuse we needed to draw your attention to the fact that you didn't complete our security online form for the year 2012."
All the user has to do to "finish the process," and take advanage of what he thinks is a feature that will give him an extra line of defense against cybercriminals, is complete a form that asks for his personal information.
"It seems that most fraudsters have come to the conclusion that messages created to address security issues stand a better chance of attracting users' attention and gaining their trust," Klein wrote. "These phishing emails usually call for immediate action and threaten users that their account will be blocked if they fail to take the required action."
Trusteer also warned of scareware scams that appear to come from legitimate anti-virus companies; Klein found one that spoofed his own company's logo to promote an enhanced security feature that, when clicked on, redirected the user to a variety of phishing pages asking for personal and financial details.
It's important to remember that despite the proliferation of these often expertly crafted banking scams, a legitimate bank or credit card company would never ask you to submit your personal financial data online. If you come across an unsolicited email or pop-up window asking for your confidential information, ignore it.