Some of you may have received a bank alert email purportedly from Suntrust bank. This is a phishing scam that has been floating around nationwide since 2004. As long as you’re not a Sun Trust customer and you didn’t follow the links and enter any personal banking information then there’s nothing to worry about with this spam email. However, clicking on the link will more than likely attempt to download a virus on the PC.
This email, which masquerades as an Activity Summary from US bank SunTrust, claims that the recipient’s contact information has been updated. The message states that the recipient can view this supposed update by clicking a link and signing in to his or her account. The message includes the SunTrust logo and message formatting.
However, the email is not from SunTrust. Instead it is an attempt by phishing scammers to trick SunTrust customers into sending their account login details and other personal information to Internet criminals. The scammers hope that some recipients will be panicked into believing that their account has been compromised and therefore follow the link without due forethought.
Those who fall for the trick and click the link will be taken to a bogus website that is virtually identical to the genuine SunTrust login page. Once they provide their user ID and password on the bogus site, they will be taken to a second bogus page that asks for further banking details as well as email account information. All of the information submitted can be collected by scammers and used to hijack bank and email accounts belonging to victims.
This phishing attempt is somewhat more sophisticated than some. Many banks will send an automatic email to customers if account details have been updated so the message may resemble genuine banking messages that the user has received in the past. Moreover, the bogus site even displays a fake data verification message after users enter the requested information in an attempt to make the process seem more legitimate. Finally, victims are automatically redirected to the genuine SunTrust website and shown a message notifying them that have successfully signed out of the banking session. Thus, users may continue to believe that they have successfully verified their account details and may not realize that they have handed their accounts to criminals until it is far too late.
Never click links or open attachments in unsolicited emails purporting to be from your bank, even if the email looks genuine. The safest way is to always login to your online accounts by entering the web address into your browser’s address bar rather than by clicking an email link.