Congratulations!
You’ve been invited to take part in our quick and easy 9 questions survey. In return we will credit $99.99 to your account – Just for your time!
That was part of the email a number of local residents received recently from what appeared to be Clarkston State Bank.
Only it wasn’t. It was a scam.
The bank began an investigation after customers and non-customers alike began calling CSB June 30 to ask about the email’s legitimacy, and quickly discovered someone, somewhere, was ‘phishing? for customer information.
Bank officials said they got on top of the situation quickly.
‘Our servers have not been compromised,? said Jim Distelrath, Clarkston State Bank CFO. ‘We’ve done a lot of checking to see if there have been any breeches from an information security standpoint, and there have not.?
But, while the bank was taking every precaution, Distelrath said he was fairly certain a security breech was not the intention of the scam.
‘They’re just using our name to get people to fill in information,? he said.
It’s called phishing, and it’s become a fairly common Internet occurrence.
Here’s how it works: Internet fraudsters send spam or pop-up messages to lure personal information like credit card numbers, bank account information, or passwords by directing recipients to a website nearly identical to a legitimate organization’s site. In this case, fraudsters created a fake website exactly like Clarkston State Bank’s real website, then inserted a link in an email that, if clicked on, would take users to the fake site.
The bogus site is meant to trick unsuspecting victims into divulging personal information so fraudsters can steal identities, run up bills or commit crimes in an innocent person’s name.
The email offering $99.99 to anyone who filled out a survey contained a legitimate-looking link: http://www.clarkstonstatebank.com/survey.html.
But, warn consumer advocate groups, a link can say anything and therefore be very deceptive. It’s the underlying code, which is not generally visible, that determines where the link actually leads.
Distelrath said CSB quickly traced the scam’s origin to Europe and subsequently blocked access for all the bank’s debit cards there.
Last week, another fake message went out.
‘It has been brought to our attention that various phishing emails have been sent referencing Clarkston State Bank,? it said. ‘We recently reviewed your account, and suspect that your CSB account have been accessed from multiple computers therefor we suspended your Clarkston State Bank account.?
Spelling and grammatical errors, as above, note consumer groups, are a tip off that an email is fraudulent.
The message went on to ask recipients to ‘reset? their CSB accounts by inputting a PIN number.
Again, bank officials say they got to work quickly.
‘We found the server the fraudulent site was residing on and had it shut down,? Distelrath said.’So if someone were to click on that link now, it doesn’t go anywhere. We’re working behind the scenes to shut these sites down as soon as they come up.?

? Do not reply or click on links in email or pop-up message requesting personal or financial information. Legitimate companies don’t ask for this information via email.
? Use anti-virus and anti-spyware software as a firewall, and update regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
? Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins ‘https:? (the ‘s? stands for ‘secure?). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
? Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
? Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
? Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
? If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft.
Source: Federal Trade Commission