By NEIL HARTNELL
Tribune Business Editor
Key Bahamian financial institutions have warned clients they are being targeted by fraudsters seeking to obtain their personal financial information through a technique known as "phishing".
Bank of The Bahamas, the BISX-listed commercial bank, yesterday became the latest institution to issue an alert over fake e-mails being sent to customers in a bid to deceive them into parting with their bank account details and other information.
The e-mails are designed to appear authentic, as if they have come from the client's bank, but Bank of The Bahamas warned customers never to access its online services via an unsolicited e-mail. Its alert came just one day after the National Insurance Board (NIB) issued a similar "phishing" alert, indicating that fraudsters and scammers are increasingly looking to exploit the COVID-19 pandemic as a means to steal people's money.
"Bank of The Bahamas has become aware of a phishing e-mail message that is currently targeting the bank's customers," the BISX-listed institution said. "The e-mail message with the subject Debit Authorisation Notification, Your Debit Notification, Your Debit Alert Notice or similar appears to come from Bank of The Bahamas.
"The message states that the customer has received a debit authorisation or a debited amount on his/her account, and recommends that the customer should click the link provided in the e-mail to view details of the transaction via online banking. However, Bank of The Bahamas has not issued this message. Nor is the bank in any way associated with this activity.
"The link in the message appears to be a valid link to the bank's website or online banking platform but is it not. It is a phishing link that is designed to lure customers to a fake website to gain access to their personal and financial information."
Tribune Business itself received one of the e-mails referred to by Bank of The Bahamas even though it does not have an account with the institution. The message appeared to come from a genuine address, firstname.lastname@example.org, and said: "Dear Valued Customer: This e-mail is sent to inform you that you have received a debited amount on your account today.
"If you are not aware of this activity or have concerns about this activity, we recommend that you log-on to BOB Express Online by clicking https://www.bankbahamas.com/ to view the details of the transaction." This newspaper immediately recognised it as a "phishing" attempt, but it is possible others will fall for it.
Urging customers "to scrutinise all e-mails carefully", Bank of The Bahamas advised that persons should never reply to, download attached documents or click on links associated with any suspected "phishing" attempt.
"The bank also advises that customers should never access its online banking services via links in unsolicited e-mails," Bank of The Bahamas said. "Instead, to avoid scams and identity theft, customers should always access Bank of The Bahamas' online banking service by going directly to the site independently of any e-mailed links.
"Bank of The Bahamas customers who have received a suspicious or phishing e-mail should immediately report it to their e-mail service provider and forward the e-mail to email@example.com. Customers who have clicked on a link in a phishing e-mail and suspect they have provided information to a non-legitimate site should immediately call the BOB customer care centre at (242) 461-3510."
The bank's warnings echo those of NIB, which warned benefits claimants Monday about "the increase in phishing scams that seek to take advantage of customers during this time of vulnerability". It, too, warned Bahamians not to respond to unsolicited e-mails and WhatsApp messages by divulging their personal and financial information, thereby exposing themselves to financial loss.
The fake WhatsApp message, purporting to come from NIB, says: "We thank you for your co-operation and patience during this transition period. Due to the high volume of unemployment applications, it was [there were] many delays. The system that was implemented did not work well, causing systems to crash.
"Our team is working day in, night out to have a new software/system up and running. We have received your unemployment application. Before being approved, the following documents listed is [are] needed once again to go along with your file attachment."
The fraudsters then ask for a copy of the person's passport, NIB card, bank details, job letter and "termination certificate". Those who provide such details will expose themselves to potential identity theft as well as the raiding of their bank accounts by such scammers.