In fairness I will not mention the name of the bank involved in this situation because the bank is a potential victim just as is the public and individuals at large.
This morning I was going through my daily mess of e-mail which is divided into two types, my regular e-mail usually from e-mail addresses my system recognises and a second lot identified as potential spam. The system is far from perfect and I have to pretty well sift through the 400 or so messages each day to get the real messages intended for me. The reason of course that I get so much spam is because each story on this web site has my e-mail address so it is easy for the evil ones to find and use. I was in my regular e-mail that I came across a very official looking message with the logo of one of Canada's main banks but not one that I am currently a customer.
The message informs me that I am the recipient of $561.00 sent to me by INTERAC and I am to click on an address to deposit the amount in my account. I was immediately suspicious of the message because I am not a customer of that bank and I did not recognise the name of the e-mail sender or who was suppose to be sending me money. But I clicked on the web address to see what would happen and I was at an official web site for that bank, official in every way except its address. Most people don't check the gibberish in addresses so they might not have noticed this one did not have the banks name included.
The web page asked for my account number and password. I killed the page and phone up that bank. I explained what I had just seen and the lady asked me to hold and contacted her supervisor then gave me an e-mail address to forward the message to them that I had received.
I few minutes later I got the message below back explaining the situation:
Dear Sir or Madam,
Thank you for your feedback. We appreciate the time you have taken to write us.
Thank you for bringing this e-mail to our attention. We can confirm that this e-mail was not sent by XXXX (our bank) and is a form of e-mail fraud called "phishing". XXXX is taking the necessary steps to shut down the fraudulent site.
Phishing e-mails claiming to be from legitimate companies target wide distribution lists. XXXX does not divulge customers' e-mail addresses. Therefore, the fact that you may be a XXXX customer and were targeted by a phishing e-mail claiming to be from XXXX is simply a coincidence.
If you visited the fraudulent site, please clear your browser's cache, then close it and reopen it before accessing XXXX Online Banking again.
We thank you for communicating with us so quickly and allowing us the opportunity to address the issue.
Internet Communications Specialist
Now let's go over this. If you get an e-mail saying someone has transferred money to you, you can complete the transfer without entering your account and password, if it is required, that is what they are after. Had I been a customer of this bank involved and filled in the account and password the bad guys would have me and what ever money I have in that account. Phishing is a very dangerous form of theft with your account number and password for your account, it is just so simple for the thief to clean out your account.