Other than be impressed with the convenience of online banking, I really thought nothing much of it. And I thought nothing much of the following E-mail I received in my junk e-mail folder this afternoon.
Dear US Bank Customer,My online E-mail accounts are always putting things in the junk e-mail folder that don't really belong there. Like movie cowboys, they put stuff there first and ask questions later. I dutifully logged in with my screen-name and password and began filling out their form. Until I realized that they were not supposed to be asking me for my debit card and pin number. Too late, I looked in the corner of my screen and saw that the lock was in the open position. I had fallen for it.
During out regular update and verification of the Internet Banking Accounts, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.
However, failure to update your records will result in account suspension.
This notification expires on August 11, 2004
To update your account information and start using our services please click the link below: [link to their phony USBank page which looks like the real thing]
I quickly logged onto my online account and saw that thieves had already downloaded a personal banking statement. Consequently, even though I had not keyed in my debit or pin number, they still had my account information because I had inadvertently given them my online id and password. Quickly, I called the USBank number and found my way through the phonetree to the place where I could report fraud. The woman on the other end of the line was friendly enough, but I had to cancel everything. They said that they were going to send me replacement checks and a debit card as soon as they could. All of this has been really aggravating, but I am kicking myself for not noticing that the site was not encrypted earlier.
But this is not the only run-in I've had with thieves this week. Yesterday, my girlfriend's car was stolen. Fortunately, it was recovered that same morning but not before they made off with about one hundred dollars worth of camping supplies and equipment. You may remember from my post in May that my car had been stolen as well. Like that last time, the thieves had driven the car only a few blocks away, and they had ransacked it looking for any items of value, but unlike last time, they actually found something to steal and, in all likelihood, sell.
The police officer this time was a nice young guy who said that car thieves usually use a worn out keys to get the cars started. He said that they can just walk up to a car as bold as brass and have it running in a couple of seconds. He took some fingerprints off of the rear-view mirror before releasing the car back to us. My girlfriend went through many of the same emotions I did when I had my car stolen.
What is wrong with these people? I know that there is a lot of hardship out there, like homelessness and drug addiction, and these things can sometimes lead some people to desperate actions. Intellectually, I know that being detached from material possessions is a virtue that should be developed. But what happened to kindness and consideration for your fellow human being? I can't see what would give an otherwise normal person the ability to take without permission something that does not belong to them. Could you do it? Could you steal someone's car in order to sell the things they left inside? Would you empty out someone's bank account of their last twenty dollars? I don't think I ever would or could, especially after knowing how it feels.
UPDATE: Apparently, this kind of "phishing" for sensitive information is on the rise, and it doesn't just target USBank. Many corporations are being "spoofed," in order to fool customers into giving up sensitive information. If you don't know what "phishing" or "spoofing" is, look it up on Google news. You'll need to find out sooner rather than later, especially if you do business on the Internet. Here is a news article that discusses the issue. If you have a suspicious e-mail that wants you to update something on your account, find a way to report it. I realized too late that if I had read this bogus e-mail carefully, rather than respond emotionally to it, I would have discovered the gramatical error. (Did you catch it? Here it is: "Either your account has been changed or [IS] incomplete." I seriously dislike these kind of people.) While I haven't read all of it yet, this site [antiphishing.org] appears to have some excellent information about the evil tactics these people use and some good information on how to protect yourself as well. Recommended reading for everyone.