SOUTHERN UTAH – Many people in Southern Utah have received phone calls and text messages the past few days from someone purporting to represent Wells Fargo bank, using various ruses seeking to obtain personal information. In short, it is a phishing scam, with a newer twist, which Mark Chapman, spokesman for Wells Fargo Utah, believes merits some reminders and helpful admonitions.
Phishing, in simple terms, is the activity of defrauding an online account holder of financial information by posing as a legitimate company. The term’s origins from the 1990’s may be inspired by the word fishing, perhaps borrowing the ph from phony. In fact, that’s what phishing is – it is a phony casting a broad net in hopes of catching information for improper purposes.
Chapman put it this way, those phishing “just target a large customer base with the hope that they’ll get a few people to provide personal information, that is the goal absolutely, and if they can to access accounts – whether they do that by email, by phone or in this case by text – it’s all the same scam with new twists, new technology.”
He said that this particular incident came to his attention on July 19. “We’re pretty aware of what is coming in and coming out, … we already have our arms around this particular incident.”
In this case, Chapman said, “I believe what’s going on is primarily by text and also by automated message – when you call back you get another automated message asking you to leave your personal information.” He sees the text messaging approach as a newer twist given that many are now savvy to phishing expeditions that come by email.
Wells Fargo is “working hard to get this shut down,” said Chapman, “the thing is some of the phone numbers they (the phishers) provide belong to legitimate businesses. So those numbers that are tied to a legitimate business aren’t being shut down, and those numbers are wondering why they’re being called. So we shut down automated system.”
Although this current incident seems to target Southern Utah, it is hard to say where it originates. “It is rare that they (the phishers) are necessarily in this country, ‘fraudsters’ can be anywhere, we don’t know exactly where the scam is originating from.”
The concern of interest to Wells Fargo and to any financial institution whose name is misappropriated in a phishing scam is whether or not the customer has compromised their personal information.
Neither Wells Fargo nor any reputable financial institution, for example those represented by the Utah Bankers Association, will ever solicit any customer’s personal information by text message, email, telephone or other electronic communication.
Emphasizing that no financial institution will “reach out to you” to get your personal information, Chapman put it this way, “We know everrrything – so if anyone is asking you for anything personal, DO NOT GIVE IT!”
By contrast, he said that when a customer contacts his or her financial institution, to and through a well established phone number, website, or the like, the institution will likely request the customer verify some partial identifying information, the last four digits of a social security number, partial numbers from a credit account, or otherwise. But the financial institution will never ask for such information the other way around; it already has it in full.
WHAT TO DO WHEN CONTACTED by anyone you suspect might be phishing:
1. Ignore, refuse to supply information, disengage; it is not necessary to notify the financial institution, Wells Fargo or otherwise, whose name was misappropriated.
2. If you realize too late that you may have supplied information, even partial information, to a suspicious inquiry, notify the named financial institution directly, and notify the three major credit-reporting agencies.
In the instance of Wells Fargo currently, Chapman stressed, “We want them to call if they compromised their information.” To do so, he suggests you telephone, go into your own local branch in person, or call any Wells Fargo established number. He added that if you have given any PIN numbers, it is a big red flag and notifying the involved financial institution should be your highest priority.
To notify the three major credit-reporting agencies of any suspicious inquiry, to which you have responded and possibly compromised your personal information, the following links are provided for your use:
Chapman summed it up well, “This specific one is targeted to Wells Fargo, but that doesn’t mean that there isn’t another one coming out next week utilizing another institution.”
Gone phishing? No, it is not gone – the best defense is awareness and suspicion. Your financial institutions will never call you, reach out to you as Chapman expressed it, asking for your personal information on any financial account in place; they already have it all.
Copyright St. George News, SaintGeorgeUtah.com LLC, 2011, all rights reserved.