New Jersey AG Seeks Information from Banks Regarding Online Phishing Scams

Asks Companies to Provide Warnings, Advice to Internet Customers

October 23, 2007 -- TRENTON – New Jersey Attorney General Anne Milgram today called on four banks to provide information on how they are protecting customers from identity theft and related loss resulting from “phishing” – an on-line fraud gambit in which authentic-looking e-mails are used to trick recipients into giving out sensitive personal information such as credit card, bank account and Social Security numbers.

In separate letters to the chief executive officers of Bank of America, Citibank, Washington Mutual and Sun National Bank, Milgram asked the banks to work cooperatively with the Attorney General’s Office by reporting incidents of phishing-based fraud to law enforcement, and to provide information on how the banks respond to those incidents in each case.

The Attorney General also asked that each bank send e-mails to its on-line customers warning them that the bank has been a recent target for phishing scams, and offering advice to customers on how to differentiate between an authentic, bank-generated e-mail and one that is bogus.

Milgram’s letter notes that, according to the anti-phishing Web site MillerSmiles.co.uk.,
38 separate phishing-related e-mail scams impersonating Bank of America took place in 2007 alone. There were also 22 phishing-related e-mail scams impersonating Washington Mutual, 15 e-mail scams impersonating Citibank, and two e-mail scams impersonating Sun National Bank in 2007, according to the same Web site. The Web site is a partner of the Anti-Phishing Working Group, a global association of industry and law enforcement including the U.S. Department of Homeland Security’s U.S. Computer Emergency Readiness Team.

“Internet safety must be focused not only on sexual predators, but also on con artists and other criminals. The threat to consumers caused by phishing scams is something that deserves serious attention from both the banking industry and law enforcement,” said Milgram.

“By working together and keeping the lines of communication open, we can protect personal information, help consumers avoid victimization, and increase confidence in the integrity of on-line banking systems,” Milgram added.

According to Milgram’s letter, the Attorney General’s Office – through the State Police and Division of Consumer Affairs – is responsible for investigation and enforcement related to the misuse of personal information under New Jersey’s Identity Theft and Prevention Act.

The Attorney General’s letter asks for an opportunity to speak with representatives of the four banks to discuss steps they have taken to enhance Internet security, and to assure customers their Web sites are safe.

In the case of each bank, Milgram’s letter acknowledges the use of certain on-line features aimed at discouraging phishing and assisting victims, but the letter also notes that many such measures may “offer customers a false sense of security” or go unused altogether.

The Attorney General asks that each bank provide reports on phishing incidents that relate to the customers of its New Jersey branches, name the agency to whom the incident has been reported, and inform the Attorney General’s Office as to how it responded.

Milgram’s letter also assures each bank that the Attorney General’s Office will review the incidents it reports and, where appropriate, work with bank representatives to appropriately resolve those incidents.

Source: New Jersey Attorney General

Bookmark/Search this post with:

 •    •    •    •    •    •    •    •    •    •    •    •