NBI warns against phishing syndicates
The National Bureau of Investigation (NBI) yesterday warned the public of the existence of "phishing" syndicates that are victimizing clients of banks and financial companies.
Phishing involves spoofing or sending a fake email to convince a bank client or customer to "confirm" online their account information and passwords.
According to the authorities, they are now working on tighter filtering systems for banks' internet transactions.
NBI is now closely coordinating with Internet Service Providers and bank officials in an attempt to bust the ring.
Citing information reaching them, NBI agents said a newer browser software would prevent fake sites from being accessed even if the user clicks on the email message.
"Not only do we need stricter software, but we also need a publicity drive so people will be aware of this scam. We hope the banks and financial institutions can do their part by informing not just their clients but also the general public," said a senior official at the NBI, who requested anonymity.
However, the NBI official said the work should not rest completely with the government. Banks also need to help disseminate anti-Phising information since syndicates have started using banks' logos and spoofing their websites.
In one instance, the source said, a syndicate even managed to copy the logo and website of a financial consultancy firm affiliated with US-based CitiGroup.
"Such a racket has been going on in past years in the United States and Europe. Many phishing emails have been traced to syndicates in Russia," the source said.
In one particular email of the syndicate, it showed that it originated from the Smith Barney Group, a subsidiary of CitiGroup Global Markets Inc., owned by universal bank Citibank.
The sender had a supposed customer service reference number (email@example.com), and bore the subject line "Please Read This Message."
"Dear Smith Barney Customer, Technical services of the Smith Barney are carrying out a planned software upgrade. We earnestly ask you to visit the following link to start the procedure of confirmation of customers' data," the letter said.
An Internet hyperlink (https://www.smithbarney.com/cgi-bin/login/confirm.cgi) followed the first two sentences.
"This instruction has been sent to all Smith Barney customers and is obligatory to follow. Customers support service," the email added.
Upon closer inspection of the email however, it would show that the message itself was a link that did not lead to the Smith Barney website.
- BusinessWorld, Oct. 13 issue