Looks like customers at Santa Barbara Bank & Trust are the latest the latest victims of “phone phishing,” according to an alert posted by Websense. If you’re not hip to “phone phishing” yet, it’s basically a variation on the traditional Web phishing scam: you get an e-mail from some trusted vendor (Amazon, PayPal, a bank) that asks you to please confirm your account information, lest some dire event occur (account cancelled, password reset, money forfeited, asteroid crashed into house). Instead of a link to a malicious Web page that harvests your information, however, phone phishing scams ask you to call a phone number. Presumably this gives consumers more assurance that they’re dealing with an actual company. In reality, of course, they just reach an automated answering machine that asks them to punch in their account number.
Meet the new phish. Same as the old phish.
In the case of the latest scam, SBB&T customers received a phishing e-mail that reads “Message 156984 Client’s Details Confirmation (Santa Barbara Bank & Trust).”
“We’ve noticed that you experienced trouble logging into Santa Barbara Bank & Trust Online Banking.After three unsuccessful attempts to access your account, your Santa Barbara Bank & Trust Online Profile has been locked…Call this phone number (1-805-XXX-XXXX) to verify your account and your identity.”