TRENTON
– Attorney General Anne Milgram today
called on four banks to provide information
on how they are protecting customers from
identity theft and related loss resulting
from “phishing” – an on-line
fraud gambit in which authentic-looking
e-mails are used to trick recipients into
giving out sensitive personal information
such as credit card, bank account and Social
Security numbers.
In separate letters to the chief executive
officers of Bank of America, Citibank, Washington
Mutual and Sun National Bank, Milgram asked
the banks to work cooperatively with the
Attorney General’s Office by reporting
incidents of phishing-based fraud to law
enforcement, and to provide information
on how the banks respond to those incidents
in each case.
The Attorney General also asked that each
bank send e-mails to its on-line customers
warning them that the bank has been a recent
target for phishing scams, and offering
advice to customers on how to differentiate
between an authentic, bank-generated e-mail
and one that is bogus.
Milgram’s letter notes that, according
to the anti-phishing Web site MillerSmiles.co.uk.,
38 separate phishing-related e-mail scams
impersonating Bank of America took place
in 2007 alone. There were also 22 phishing-related
e-mail scams impersonating Washington Mutual,
15 e-mail scams impersonating Citibank,
and two e-mail scams impersonating Sun National
Bank in 2007, according to the same Web
site. The Web site is a partner of the Anti-Phishing
Working Group, a global association of industry
and law enforcement including the U.S. Department
of Homeland Security’s U.S. Computer
Emergency Readiness Team.
“Internet safety must be focused not
only on sexual predators, but also on con
artists and other criminals. The threat
to consumers caused by phishing scams is
something that deserves serious attention
from both the banking industry and law enforcement,”
said Milgram.
“By working together and keeping the
lines of communication open, we can protect
personal information, help consumers avoid
victimization, and increase confidence in
the integrity of on-line banking systems,”
Milgram added.
According to Milgram’s letter, the
Attorney General’s Office –
through the State Police and Division of
Consumer Affairs – is responsible
for investigation and enforcement related
to the misuse of personal information under
New Jersey’s Identity Theft and Prevention
Act.
The Attorney General’s letter asks
for an opportunity to speak with representatives
of the four banks to discuss steps they
have taken to enhance Internet security,
and to assure customers their Web sites
are safe.
In the case of each bank, Milgram’s
letter acknowledges the use of certain on-line
features aimed at discouraging phishing
and assisting victims, but the letter also
notes that many such measures may “offer
customers a false sense of security”
or go unused altogether.
The Attorney General asks that each bank
provide reports on phishing incidents that
relate to the customers of its New Jersey
branches, name the agency to whom the incident
has been reported, and inform the Attorney
General’s Office as to how it responded.
Milgram’s letter also assures each
bank that the Attorney General’s Office
will review the incidents it reports and,
where appropriate, work with bank representatives
to appropriately resolve those incidents.
#
# #
|