Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation

Divider









U.S. Bank Phisher Scam

Summary:
Bogus email that claims to be from the U.S. Bank asks recipients to provide sensitive information via a fraudulent website.



Status:
False

Example:
Subject: Your account at U.S. Bank has been suspended.

Dear U.S. Bank account holder,

We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account.

These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations. In order that you may access your account we must verify your identity by clicking on the link below.

Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below.

Thank you for your time and consideration in this matter.

[LINK REMOVED]

Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.




Commentary:
This is a comparatively unsophisticated phisher scam that tries to scare gullible U.S. Bank customers into providing personal information via a bogus website. One of the fraudulent emails (reproduced above) "informs" the potential victim that his or her account may have been compromised and that the account will be frozen until account details are provided. Like other phisher scams, the intent of the email is to trick people into providing identity and banking information directly to the criminals responsible for the scam. The emails are randomly sent to thousands of email addresses. The scammers rely on the statistical probability that some of the recipients will be U.S. Bank customers and that at least a few of them will be naive enough to take the bait.

According to information on the bank website, "U.S. Bank will never initiate a request for sensitive information from you via email". In fact, it would be highly unlikely for any legitimate financial institution to request sensitive information via email, and such a request should always be viewed as suspect until proven otherwise.

Although the bogus website has now been shut down, it is probable that the scammers responsible are already preparing for their next sting.

References:
www.startribune.com/stories
www.kare11.com/news/


Write-up by Brett M.Christensen