Minutes after hanging up after a discussion with two Washington Mutual executives about the increase of the fake messages known as "phishing,"...
Minutes after hanging up after a discussion with two Washington Mutual executives about the increase of the fake messages known as “phishing,” I received a message from wamu.com.
My first thought was that it was an on-the-ball PR rep thanking me for my time. But no. Instead it was one of the aforementioned annoying phishes, telling me there was a problem with my account, and I had to log on in order to fix.
These notices are pretty disturbing. The first time you get one, the inclination is to follow the instructions. Log onto the site. Type in your account number — wait a minute. This is where you should get off.
Most Read Stories
- Swastika-wearing man punched on Seattle street, removes swastika, police say
- 'Polite Robber' suspect told similar sob story when arrested 8 years ago
- Pete Carroll on Seahawks offense: 'There will be some things that will be a little bit different this week' WATCH
- In Seattle mayoral race between Jenny Durkan and Cary Moon, it’s the same old sexist nonsense | Nicole Brodeur
- U.S. Attorney General Jeff Sessions sips a 'Nuke Waste' during low-key visit to Kitsap
“People need to be careful,” said WaMu Chief Information Security Officer Dave Cullinane. “They should know that any bank will never ask for information that it already has.”
His phish-fighting strategy is simple, and follows three steps. Analyze the message. Consider why it was sent. And contact your bank if you have questions.
WaMu will address each case individually, but if customers act properly they won’t be penalized excessively for any mistakes. The best way to avoid the problem is to not make mistakes in the first place.
Cullinane said banks often use e-mail to contact their customers. But there are two ways to determine a message’s legitimacy: Anything that asks for information instead of supplying it is a fake.
And because banks are notoriously fussy about usage, a message with bad grammar should be ignored and reported.
It turned out that tonight’s message advised me to “check you account profile.”
Cullinane said such messages are random and sent out by the millions. But he couldn’t explain why I have gotten several fake messages from WaMu — where I have an account — and nothing from places where I do not bank. He said it is all chance, and has to do with how many places list my address.
If I were to get something from Bank of America or Joe’s Bank and Grille, I would know it was a fake and delete it immediately. But the law of averages says that at least some of the messages will reach people who bank with that particular institution.
While we are looking at WaMu, many other banks are going through similar exercises. They all have a staff in place to deal with these complaints, and leave instructions on their Web site as to where customers should forward these skanky messages.
And many banks have efforts in place to take away phishing licenses. WaMu’s advice page — www.Wamu.com/personal/welcome/security.htm#emailscam — is as good a place as any to start.
The important thing is to not feel you are stupid for falling for this game.
“When people are in the middle of dealing with a work crisis and they get one of these messages, they will just react and follow instructions without thinking,” Cullinane said. “They need to contact their bank immediately if they have done something wrong.”