Bank Leumi busts on-line scam, warns customers

Investigators traced the fraudulent Web site to Brazil.

Bank Leumi moved swiftly to smash an Internet-based scam aimed at garnering the secret user names and passwords of its on-line customers, the bank said in a statement on Thursday. Leumi said its Secure Information Unit had been alerted by a customer to an e-mail prompting users to follow a link to a counterfeit Web site posing as Bank Leumi's official site, in a fraud attempt known as "phishing." "The e-mail claimed to be from Bank Leumi, and said that vital account information had been erased due to an error," Bank Leumi spokesman Aviram Cohen told The Jerusalem Post Thursday. "Customers were asked to follow the link in the e-mail and provide the missing information. "Customers have no way of recognizing the Web site as being counterfeit. We identified the scam immediately, and traced the fraudulent Web site to Brazil. It has already been taken off the Internet." "Don't open e-mails from people you don't know," he added. "We never send e-mails to our customers." Dozens of customers received the e-mail, Cohen said, but only two followed the link and gave away their details while trying to log in to the phony Web site. No funds were stolen, and the passwords of the targeted customers have been changed, he said. Phishing attacks circumvent all of the measures taken by banks to secure their Web sites, Cohen said. "They have nothing to do with a bank's security system," he said. "We are doing everything we can to instruct our customers to recognize the scams." In its statement, Leumi said: "Like many financial organizations around the world, Bank Leumi has been targeted for fraud by criminal elements... This threat requires cautionary measures, both by the bank and its customers." There are steps bank customers could take to avoid phishing scams, Bank Discount spokeswoman Sarit Weiss told the Post Thursday. "Never give away your account details to any party," she said. "Banks in Israel are very aware of this issue, and all of them work to ensure that users are fully alert to the danger and not pass on their details to anyone. No one needs to know this information." The Bank of Israel, which regulates the Israeli banking system, is constantly reviewing guidelines for dealing with threats posed by phishing fraud, its spokesman, Dr. Yossi Saadon, said. "In this case, Bank Leumi worked with us to respond to the problem. We won't release the exact steps taken so as not to tip off the perpetrators. We back Bank Leumi's response."