News Summary

Springfield, Ohio — At the end of July, Home City Federal Savings Bank compliance officer and auditor Patti Ark started receiving some rather disturbing phone calls. The odd part was, most of them were from people who were not her customers.

"People were receiving e-mail messages stating customer accounts had been frozen and calls needed to be placed to correct the situation," she said. If people responded, they were then asked for credit card information, she said.

The e-mails were not sent by Home City, and many recipients had no accounts with the bank, quickly leading Ark to discover her institution was the victim of an Internet phishing scam.

The cyclical attacks started as e-mails, then shifted to text messages, cell phone calls and land line calls. Once the initial cycle was completed, things were quiet for a few days, then it started again.

The Springfield bank, at 2454 N. Limestone St. and 63 W. Main St., experienced almost three weeks of attacks.

Phishing, according to microsoft.com, "is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information."

Scammers send millions of fraudulent e-mail messages requesting personal information that look like they are from reliable Web sites such as banks and credit card companies. When recipients respond, they are most often redirected to "spoofed," or fraudulent Web sites, where personal information can then be stolen, the Web site continued.

Not from us — ever

Home City, like most legitimate businesses, does not initiate contact with customers over the Internet and never asks for any personal information to be sent via e-mail, Ark said.

After conversations with the Federal Bureau of Investigations, she learned these types of scams are common with larger institutions and target a wide audience of customers and noncustomers, looking for any response, any opportunity to gain personal information.

The criminals who are pursuing these ventures, Ark said, are looking for quick access to information and immediate responses caused by worry or fear.

"They just need a tiny window of opportunity to create a new debit card or try to run transactions," she added.

Government and consumer protection organizations take phishing seriously and are working diligently with businesses like Home City to lessen the impact on consumers.

The Federal Trade Commission asks anyone who receives phishing spam e-mails to forward those messages to spam@uce.gov and to the company, bank, or organization represented in the phony e-mail.

If individuals know or believe they have been scammed, the FTC asks they file a complaint at ftc.gov.

The Federal Deposit Insurance Corporation has become involved as a watchdog for the banking industry and works with the FBI.

The FDIC suggests people also report scams to ic3.gov, the Internet Crime Complaint Center. The ICC is a partnership between the FBI and the National White Collar Crime Center.

Fbi.gov offers information about common Internet scams and accepts reports about any potentially fraudulent e-mails.

Knowledge is power

The best defense, Ark said she has learned, is education for businesses and consumers.

Since these types of e-mail attacks are external and can not be halted, she said it becomes essential to understand the best ways for businesses to prevent harm.

To do that, Home City posted alerts on its Web site and provided fliers and other information at its two locations for customers.

Ark and her staff also answered every phone call that dealt with the scam.

The bank worked closely with its Internet Service Provider to shut down the offending Web sites as quickly as possible.

"No losses were experienced by our customers, and Home City was able to protect our customers and their information," she said.

Ark was pleased to discover so many people willing to help and share their experiences.

She received a call from a man in Georgia who got the Home City e-mail and had been a victim of another scam a few years ago. He called to alert her organization because he had no affiliation to Home City or Springfield and was concerned it was a scam, she said.

Many other people called the bank and forwarded the scam e-mails to watchdog agencies or government offices investigating scams.

"People were very proactive in helping us stop the activity," Ark said.

Now, Ark views this as a learning experience that will allow Home City to be better-prepared for any future incidences of Internet scamming.

"We have become more educated in the approaches used by criminals, more aware," she said.

"We are more alert to things that may come at us, and we have the technology we need to keep our customers protected."

Contact this reporter at (937) 328-0371 or elroberts@coxohio.com.