Don't fall for bank and credit-card e-mail scams in wake of Target breach

Playing on consumers' fears, some deliver malicious software

Published: February 07, 2014 04:30 PM

Consumer Reports has found that e-mail scammers have begun playing on consumers’ fears, in the wake of the data breach at Target, that their online banking account or credit card has been used fraudulently.

As an example, take this e-mail I received a few days ago (pictured above), which purports to come from Bank of America. It warned of "irregular activity" in my online account and said that my account had been locked. (Note: I have no account with Bank of America.)

The e-mail urges the recipient to click on a file attachment, download a form, and follow some instructions. As soon as I received this e-mail, the antivirus software on my PC identified the attached file as some kind of malicious software. (For the best security software to run on your computer, see our buying advice and Ratings.)

As with many e-mail scams, this one exhibited tell-tale signs such as odd sentence construction, missing words, and poor grammar. For example, it warned that "too many unsuccessful login attempts was made."

The above e-mail, which I also received this week, was more polished because it sported the colorful logos of VISA and MasterCard. It warned that my bank debit card had been temporarily blocked because of unusual activity. (Note: I don't use a bank debit card.)

Brief as this e-mail was, it, too, squeezed in some odd sentence construction before urging me to click on an attached file. When our engineers ran the file through some virus tests, it was found to contain malicious software.

Another red flag: The return address for this second e-mail included the top-level domain .co which, a quick Google search revealed, is the domain for the nation of Colombia.

You can't always count on bad grammar and blatant lapses to alert you to e-mail scams. But if you receive an e-mail that appears to come from a well-known institution, and it asks you to take such actions as opening attachments or clicking on embedded web links, just say no. Then delete the e-mail. To learn more about how to spot such e-mail phishing scams, read our story,  "How not to get phished," and watch our entertianing musical video, "Gone Phishing."

—Jeff Fox

For more advice and tips, check our guide to Internet security.

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics News


Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings


Mobile Get Ratings on the go and compare
while you shop

Learn more