February 18, 2005
E-mail crooks pose as eBay, banks
Experts advise people to never divulge bank account or credit card numbers over the Internet
By JOHN DARLING
for the Mail Tribune
If you get an e-mail from a bank or eBay asking for your account numbers, don't do it. Forward the e-mail to your bank's fraud department immediately.
An alarming number of e-mails have been showing up in local in-boxes, purporting to be from Washington Mutual, showing the bank's logo and asking you to visit a Web site and
"confirm" your account information to foil "access (to your bank account) by an unauthorized third party." The irony is that if you give them what they ask for, you
will have "access by an unwanted third party."
What you need to know as a first line of defense against such "phishing" (pronounced "fishing") e-mail scams is that your financial institution or eBay already has all of your
personal information, including Social Security numbers, user names and credit card numbers (if appropriate), and you should never provide that information in response to an e-mail request, said Washington Mutual
spokesperson Olivia Riley in Seattle.
"We would never ask for that information in an e-mail," said Riley. "No financial institution would. If the client goes to our Web site and is asked for that kind of information,
it's OK, but it would only happen in a consumer-initiated contact and would only happen the first time (when setting up an account)."
John Hall, spokesman for the American Bankers Association in Washington, D.C., said the 3 percent of bank customers who fall for phishing scams are "made whole" (reimbursed) for any
transaction they did not authorize.
"This scam has been going on for a couple years," said Hall. "It's not just Washington Mutual, so clients shouldn't think they can be more safe by switching banks.
It's happening to tons of banks: Citicorp, everyone."
The fraudulent e-mail is sent to a large base of e-mail addresses, whether the recipients are customers of the bank or not, Hall said. As one of the Northwest's most popular banks,
Washington Mutual is a prime target.
"They cast a huge net," said Riley, adding that only a fraction of 1 percent of Washington Mutual customers fall for the scam, probably due to a Web-savvy population in the
Northwest.
The fraudulent e-mail contains language like this: "We recently reviewed your account and suspect that your (bank) account may have been accessed by an unauthorized third party."
The e-mail gives a Web address that appears legitimate, but actually links to a fraudulent Web site that captures any valuable financial data you submit.
The e-mail sent to Rogue Valley addresses this week instructs: "Log on to your account (via the fake link provided). In case you are not enrolled yet for Internet Banking, you will have to
use your Social Security number as both your Personal ID and Password and fill in the required information, including your name and account number."
The perpetrators are organized crime rings in the United States that sell the purloined account info to criminals in Eastern Europe, beyond the reach of American law enforcement, said Hall.
Financial institutions, which suffer significant losses from Internet fraud, including harm to their reputations, ask clients to forward such e-mails to their security departments (spoof@wamu.com
for Washington Mutual).
The bank identifies the Web site used in the scam and promptly shuts it down, said Hall.
The crime may also be reported to the Anti-Phishing Working Group via www.antiphishing.org on the Web. The group cites alarming statistics: There were 100 phishing scams reported each week in September
and 500 per week by the end of 2004.
Since financial institutions have to pay for all fraud against customers, they have mounted a vigorous education campaign, said Hall, noting that Washington Mutual is sending out a detailed
brochure with next month's account statements and is directing clients to its homepage to learn countermeasures. It pays to help out because what costs your bank costs you in higher fees.
Customers should review all statements monthly (checking, savings, credit card, eBay) and report any unusual activity immediately, Hall said. Banks also use anti-fraud software to comb
accounts and will notify customers if they spot anomalous activity, like the purchase of a $10,000 necklace in Romania, he added.
John Darling is a free-lance writer living in Ashland. E-mail him at jdarling@jeffnet.org