MBNA users targeted in credit card email scam

24 Feb 2004

Fake emails are now circulating, appearing to come from credit card provider MBNA but which are actually part of a so-called ‘phishing’ scam designed to collect users’ confidential banking information, siliconrepublic.com has learned. MBNA is warning customers not to respond to any emails they receive that seem to come from the bank.

Phishing is a relatively new phenomenon where emails are sent to a bank’s customers purporting to come from that organisation; the messages usually contain a link to what appears to be the bank’s website, with a prompt for the user to re-enter their passwords or otherwise reveal normally sensitive account information. In fact the page is a replica website made to appear real, designed to trick unsuspecting users into divulging their credit card or banking details.

Reports emerged last year that this practice was happening, as customers of several UK banks such as Halifax, Barclays and TSB had been contacted in this way.

In this latest case, one badly worded email message reads: “Dear Valued Customer, Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety. Due to technical update we recommend you to reactivate your account. Click on the link below to login and begin using your updated account.” The link then takes users to what appears to be a legitimate page on MBNA’s site. Another version of the same message, with a similar wording, is also in circulation.

MBNA representative Hayley McDonough confirmed that the messages, which have been circulating for almost a week in the UK and Ireland, are in fact hoaxes. “MBNA doesn’t send emails about activating their account. Our website is secure, but emails aren’t, so we don’t send messages like that,” she told siliconrepublic.com.

MBNA’s real site contains a warning that such scams are becoming commonplace on the internet. It recommends that if users suspect they have received a hoax e-mail that appears to be from MBNA, they should not click on any links that may be embedded in the message. Users are advised instead to contact MBNA and then delete the message.

McDonough said that any users who unknowingly clicked on the link from the email should contact MBNA immediately and have their account stopped to prevent any third parties possibly gaining access to it.

By Gordon Smith