Sterling Online Banking Phishing Scams

Date: 10 June 2007
Received from "Bank of Lancaster County" <customer.service@blcnet.com>
Subject: New Message from Sterling Online

Dear Sterling Online Customer:

A message regarding "e-Statesment Notification" has been sent to your Secure Message Center. To see your message, log on to www.sterlingonlinebanking.com and click the "You have new mail" link in the upper left corner of the My Account page. If you are already logged on to Sterling Online, you can see your message(s) at any time by visiting the Secure Message Center.

The message will be available in your Secure Message Center until June/15/2007.

Thank you for being a valued Bank of Lancaster County customer.

ABOUT THIS MESSAGE:
This service message was delivered to you as a Bank of Lancaster County customer to provide you with account updates and information about your account benefits.

If you want to contact Bank of Lancaster County, please do not reply to this message, but instead go to www.sterlingonlinebanking.com. For faster service, please enroll or log on to your account. Replies to this message will not be read or responded to.

Your personal information is protected by state-of-the-art technology. For more detailed security information or to update your privacy choices, go to our Online Privacy Policy. To change your e-mail address, please log on to Sterling Online and click your e-mail address on the left-hand side of the My Accounts Page

Phishing scammers are getting smarter by the day. One of the latest tricks used by phishing scammers is to register a domain, looking exactly like the real domain, but one letter of the phishing domain is spelled differently. For instance the scammer can easily register the domain www.sterlingonlinebanking.com as www.sterling0nlinebanking.com, where the digit "0" in the fake domain, replaces the letter "o" in the real domain.

This is an attempt by the scammers to undo all the education done by anti-phishing activists and authorities. Users no longer trust strange looking URL's, so scammers started to use this tactic in order to fool the users who do not pay close attention to the URL's in their e-mails. The inattentive user may easily fail to spot the fake, misspelled URL.

The safest rule of thumb to go by is the known fact that banks and other financial institutions never send e-mails like this to their clients.