1. Headline
  1. Headline
By Herb Weisbaum ConsumerMan
msnbc.com contributor
updated 5/8/2007 4:54:12 PM ET 2007-05-08T20:54:12

A new mutation of the old phishing scam has recently surfaced. Like thousands of previous phishing e-mails, this bogus bank notice asks for your personal information. But in a strange and novel twist, it tries to turn your own phone against you.

  1. Stories from
    1. Ryan Lewis: My Mom Has HIV
    2. See Katy Perry as an Elderly Burlesque Dancer and More in This 'Birthday' Teaser
    3. Bachelorette Contestant Eric Hill in a Coma After Paragliding Accident
    4. PHOTOS: Check Out the Winners of Our Easter Egg Decorating Challenge
    5. Watch: Snoopy, Garfield and Other Cartoon Characters Go Bald to Help Kids with Cancer Cope

The e-mail I saw appears to be from Bank of America. “During our regular update and verification we could not verify your current phone number,” it says. You are told to confirm your phone number right away "or your account will be suspended indefinitely."

Then you’re instructed to forward your phone to the number provided. It’s supposedly the phone number for the bank’s security department. “Bank of America will verify your phone number and will disable call forward within 20 minutes,” the e-mail says.

Don't do it! Don't do any of it. This e-mail is not from Bank of America and that number does not go to their security department. It’s a Skype number that goes straight to the identity thieves who can be anywhere in the world.

This new phishing scam was spotted by Mal-Aware.org, a group that focuses on malicious activity on the Web.

“This is the first one we’ve seen that is specifically focusing on forwarding your phone number,” says Mal-Aware’s founder, Lance James.

If this new twist works, James says we’ll see similar messages pretending to be from other financial institutions asking people to forward their phone number.

After an identity thief steals your credit card number, he needs a way to make money with it. He can charge things or sell the number for others to use. In either case, once the charges start piling up on your account, the bank’s computers are likely to flag these abnormal or “out of profile” transactions and alert the fraud department.

Image: Screen shot of phishing site
The e-mail appears to be from Bank of America. It instructs you to confirm your phone number right away "or your account will be suspended indefinitely." Don't do it!

If the bank calls to find out if you’re really making all of these purchases and your phone number is forwarded to the bad guys, the crooks can pretend to be you and say everything is OK. It buys them more time to run up the tab before the card is shut down.

Mal-Aware’s Lance James tells me there’s another way a credit card hijacker can make money with your account number. They can use it to wire money to themselves or an accomplice.

When the ID thief calls Western Union or some other wire transfer service, he’ll use spoofing caller ID to fake your phone number. In other words, it will look like the call is coming from your phone. When the money transfer service calls to verify the transaction, as many now do, they’ll call your number, which is forwarded to the crooks who will approve the transfer.

The Anti-Phishing Working Group, a consortium of hundreds of banks, e-tailers, technology companies and government agencies, warns that a growing number of phishing attacks are being designed to steal your personal information by downloading crime-ware onto your computer. They do that when you click the link that’s embedded in the phisher’s e-mail message, the one that’s supposed to take you to the financial institution’s Web site.

“If they can get this software onto your computer, they don’t have to work so hard to fool you,” explains the APWG’s Secretary General Peter Cassidy. They can monitor your online transactions and snag what they want without your knowledge.

“If the crime-ware recognizes a bank that’s a target of their interest, it will intercept the user’s name and password,” Cassidy says. “The crime-ware can literally take what the phishers need to propel their enterprise.”

Cassidy says APWG has now seen malicious software that can scan a user’s name and password for more than 350 different financial institutions.

How can you protect yourself?
Phisher scams continue to flourish because they work. They work because they catch you off guard and go for your gut.

“It’s not a stupid person, it’s a distracted person,” Cassidy says. “It’s a person who’s tired, who’s been jumped with something that looks really good and is hard to tell from the real thing.”

To fight back, you need to slow down a bit when you’re asked to rush and do something potentially dangerous, such as transmit your personal information.

“If someone wants you to go fast, ask why,” Cassidy urges. “Ask what would they gain from that?”

If you get an e-mail that seems a little strange and you want to find out what’s really going on, go to the real company’s Web site and contact customer service or the fraud department.

Don’t use a link in an e-mail. It could take you to a bogus site that looks just like the real one. Type in the URL yourself.

Don’t use a phone number provided in an e-mail. It could be a fake. If you decide to call the bank or financial institution, look up the number yourself.

Remember: If you fill out a form with your personal information and click “submit” it’s gone, and there’s no taking it back once you realize you’ve been scammed.

Additional resources:

© 2013 msnbc.com.  Reprints


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments

More on TODAY.com

  1. Pool / Getty Images

    Prince William, Duchess Kate try their hand at the DJ decks

    4/23/2014 4:30:48 PM +00:00 2014-04-23T16:30:48
  1. 9 foods to 'spring clean' your diet 

    Want to wring out your system as part of the annual spring cleaning? Skip the weird (and often dangerous) detox diets or cleanses.

    4/23/2014 11:10:55 AM +00:00 2014-04-23T11:10:55
  1. Lupita Nyong’o is People magazine’s Most Beautiful person

    The Oscar winner with the perfect smile and the style to match beams from a cover that promises "her inspiring story.

    4/23/2014 11:54:41 AM +00:00 2014-04-23T11:54:41
  2. video Actress tells Savannah: Oscar win has opened doors

    video After a tremendous year for the actress, including winning an Oscar for her breakout role in “12 years a Slave,” and now being selected as People magazine’s Most Beautiful person, Lupita Nyong’o reflects on her rising fame in an exclusive interview with TODAY’s Savannah Guthrie.

    4/23/2014 12:35:32 PM +00:00 2014-04-23T12:35:32
  3. slideshow Her flawless looks: See Lupita’s colorful wardrobe

    slideshow Bright yellow, sky blue, rich red, shimmering gold — there's not a color that the fashionably adventurous Oscar-winning actress hasn't conquered.

    4/23/2014 1:40:41 PM +00:00 2014-04-23T13:40:41
  4. Reuters; AP
  1. Courtesy of Savannah Guthrie

    Savannah’s honeymoon dispatch: Letting it hang out on the best vacation ever

    4/23/2014 10:56:55 AM +00:00 2014-04-23T10:56:55