Minutes after hanging up after a discussion with two Washington Mutual executives about the increase of the fake messages known as "phishing,"...

Share story

Minutes after hanging up after a discussion with two Washington Mutual executives about the increase of the fake messages known as “phishing,” I received a message from wamu.com.

My first thought was that it was an on-the-ball PR rep thanking me for my time. But no. Instead it was one of the aforementioned annoying phishes, telling me there was a problem with my account, and I had to log on in order to fix.

These notices are pretty disturbing. The first time you get one, the inclination is to follow the instructions. Log onto the site. Type in your account number — wait a minute. This is where you should get off.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

“People need to be careful,” said WaMu Chief Information Security Officer Dave Cullinane. “They should know that any bank will never ask for information that it already has.”

His phish-fighting strategy is simple, and follows three steps. Analyze the message. Consider why it was sent. And contact your bank if you have questions.

WaMu will address each case individually, but if customers act properly they won’t be penalized excessively for any mistakes. The best way to avoid the problem is to not make mistakes in the first place.

Cullinane said banks often use e-mail to contact their customers. But there are two ways to determine a message’s legitimacy: Anything that asks for information instead of supplying it is a fake.

And because banks are notoriously fussy about usage, a message with bad grammar should be ignored and reported.

It turned out that tonight’s message advised me to “check you account profile.”

Cullinane said such messages are random and sent out by the millions. But he couldn’t explain why I have gotten several fake messages from WaMu — where I have an account — and nothing from places where I do not bank. He said it is all chance, and has to do with how many places list my address.

If I were to get something from Bank of America or Joe’s Bank and Grille, I would know it was a fake and delete it immediately. But the law of averages says that at least some of the messages will reach people who bank with that particular institution.

While we are looking at WaMu, many other banks are going through similar exercises. They all have a staff in place to deal with these complaints, and leave instructions on their Web site as to where customers should forward these skanky messages.

And many banks have efforts in place to take away phishing licenses. WaMu’s advice page — www.Wamu.com/personal/welcome/security.htm#emailscam — is as good a place as any to start.

The important thing is to not feel you are stupid for falling for this game.

“When people are in the middle of dealing with a work crisis and they get one of these messages, they will just react and follow instructions without thinking,” Cullinane said. “They need to contact their bank immediately if they have done something wrong.”

If you have questions or suggestions for Charles Bermant, you can contact him by e-mail at cbermant@seattletimes.com. Type Inbox in the subject field. More columns at www.seattletimes.com/columnists.