A two-year FBI investigation into phishing, or cybercrime efforts to gain access to bank accounts via fraudulent emails, has resulted in a sting operation against 100 people in the US and Egypt. The phishing scam stole approximately $1.5 million from at least 5,000 customers of at least two U.S. banks (Bank of America and Wells Fargo) according to news reports.
The operation worked something like this, though details are still emerging. The criminal ring began in Egypt where the work to create the database of email accounts, the fake emails from the banks, and the fake log-in pages was handled. Then the crooks needed to get some U.S. co-conspirators to open local bank accounts that could receive the stolen money. So far, 53 arrests have been made in the U.S. with 3 ringleaders based in Southern California, and another 47 arrests made in Egypt. This investigation represents the first joint investigation between the FBI and Egyptian law enforcement and is the largest cybercrime phishing case to date.
Tips to remain safe from phishing haven’t changed:
1. Never click a link in an email to address an account concern with a bank, retail establishment, online auction or payment system site. Type the address in yourself.
2. Don’t expect that you can spot a bad or good url. It’s extremely difficult and phishers get more sophisticated in how they trick consumers each year.
3. Ensure your computer security software defends against phishing sites. Both Norton 360 and Norton Internet Security 2010 offer phishing protection and tag dangerous websites in your search results.
4. Only log on to your banking site from a secure computer and a secure network. Don’t log in from open wifi or computers you don’t manage yourself.
5. Teach your children to be cybersafe so their mistaken clicks don’t undermine your good security.
To learn more about cybercrime and online safety, visit http://www.everyclickmatters.com/
Read the Symantec Security Response blog posting by Kevin Haley here.
I spoke with CBS-Radio’s Larry Magid on this topic yesterday and you can listen in here.
And here’s a fun video that explains how phishing works.
.