Well last weekend, they almost did. I had recently opened a GTBank Non-Resident account which I could use from here through internet banking and had little complaints. Funny enough, I had mentioned to Atala that I felt they were too security conscious. Logging into my account online was like going down to the bank vault, there were so many locks and bolts, pincodes, passwords, secret questions, tokens, etc...it took almost 5mins and compared to the one-minute transaction on my account here, I was chaffing.
So you can understand why when two weeks ago or so, I recieved a scam alert email from GTBank that read something like the one below, I moved the email to trash immediately, thinking to myself, these people have come again.
Our attention has been drawn to mails being sent out by fraudsters, requesting for such sensitive information as Internet Banking Account and ATM Card Details. Some of these mails also request that customers update their account records by clicking on links to fake Internet banking and Interswitch websites. You are hereby advised to ignore these mails and Do Not respond to them; as such mails were not initiated by Guaranty Trust Bank plc or Interswitch.
I was to rue my blase attitude mere days later. Now, let me give you some background. I have a couple of emails for personal use, one I use solely for official purposes and the other for more personal stuff (this-and-that). I am sure you can guess I opened the account with the official one. Well, since I opened the account my this-and-that email has been flooded by GTBank related phishing emails. Unfortunately for the senders, Gmail shunts them immediately to the Spam folder, from where I send them to the hell where failed scam go.
So how come I was almost duped?
Good question.
What happened this time was that the scam email was sent to my 'official' email address. Not only that, it was sitting pretty right there in my inbox. Add to that, it appeared to come from GTBank, and not with the same ruse as the ones I had previously received. And their tactic played into my fears. Instead of simply asking that I verify my account by clicking a link, it said my account had been suspended.
Dear Valued Customer,
We regret to inform you that access to your GTBank Online Account and Atm Card has been temporarily limited due to several failed log-in attempts. To restore your account please log in correctly by downloading and Filling the Customer Security Update form attached to this message. After downloading follow the directions for instant activation of your account and Security information. NOTE: FAILURE CAN RESULT TO PERMANENT ACCOUNT SUSPENSION.
Security Advisor
Guaranty Trust Bank © 2012.
There was no frills and thrills so my mind thought, this must be real. Since I hadn't used my account in a few days, I was wondering, who could have tried to access my account? They must have been the scammers I had been warned about. I told myself I had to act quickly.
I downloaded the form, and clicked it open to fill it in with my details.
That was when reality hit me. I felt like someone poured cold water on me. At that moment, I could guess how people felt who had been duped - my cousin rushed home from the market, took all the money at home and handed it over to some stranger. It only dawned on her while she was recounting this amazing opportunity to another person that she had been duped.
For me, those few minutes it took to read that email and download the document, it was like I had a veil over my eyes. Opening the document stripped it off. With BELLS. Reason being;
1. It was an online form - but with file///
2. It was asking for everything - in addition to bank details, it wanted my phone number, email address and email password
As the alarm bells clanged in my head, I took a deep breath and let it out. Leaving this document open, I went back to the email and expanded the details of who it had come from. What do you know, that GTBank front name belonged to email address gholmes@howard.edu
I laughed at myself and shook my head saying to myself, "Myne, no one is above phishing scams, be careful." This is to you guys out there. Always check out where your emails are coming from, and in the words of the GTBank Scam Alert email;
Please note that your Internet banking account, your ATM Card details and PINs are confidential to you and must not be disclosed to anyone. Guaranty Trust Bank plc and Interswitch Nig. Ltd will never request for your ATM card details or your PINs.
I almost didn't share this post cos I felt so stupid, but Atala changed my mind. Has anyone else been in the same boat with me? I do hope no one has been duped for real but if you have please share so we can all keep learning. Have a great week and thanks so much for the comments yesterday. I will keep you updated.
I dont do online banking. I still hide my money in pots. haha! But, thanks for sharing Myne. I hope someone finds this helpful too. Thank God your eyes were unveiled before it was too late.
ReplyDeleteLOL...I should start putting money in pots too. Thanks dear.
Deletegood i dea i think, buh what about the house thieves?
Deletelol, i think i have to start saving in pot too, buh what about thieves?
DeleteSorry o. Thank God you didn't fall.
ReplyDeleteNo matter how they frame d message, at the end of the day, they always ask for your PIN/password. That's where you should run!
I have learnt that all over again. Thanks, iLola
Deletelol @ Jabez...
ReplyDeleteMyne I'm so happy for you that you didn't fall victim. Ha!
Fortunately, those emails get sent to my bulk/spam emails folder now, so I never have to worry about dealing with them directly.
Thanks Doyin, in my gmail they go to the spam folder too, but it seems yahoo is not all there yet.
DeleteThank God you didn't fall for it. Yahoo seems to allow all sorts of mails come in so what I did was ask them for their official email address and saved it as a contact. If it isn't coming from this address infoupdate@gtbank.com, it aint a gtb mail.
DeleteWow! I actually fell for a GTBank scam too before. The website was identical to the original but the thing was that one was www.gtbank.tu or so (can't remember). I entered in my details like a maga before I realized what was happening. I was so lucky because I alerted my bank immediately. My account was frozen for a few days though to enable the bank fix the issue. Lucky you, ma'am!
ReplyDeleteWow, I would have laughed at you before, but now I know better. Thank God the bank could fix the issue.
DeleteLike a maga :). LOL
DeleteI nearly fell for a PayPal one like that and like you I thought I understood such things. Glad you caught it in time.
ReplyDeleteI'm glad i did, it would been really stressful to deal with it otherwise, with time differences and all.
DeleteChai! They want to "chop" my sister mugu o! It won't work for them and thanks for sharing!
ReplyDeleteThanks Emeka, they won't see any shishi o, lol..
DeleteWow! This happened to me a few weeks ago!
ReplyDeleteIt was late at night, and I decided to quickly check up on my mail before retiring for the day. Initially, I thought the message was genuine as I had been having a few problems with activating the debit card tied to my account. In a sleepy haze, I filled out ALL the information, I mean EVERYTHING.
I was about to click on the submit button, when it occurred to me that though the form looked like the regular GTBank online banking UI, there was something a bit off about it, and the request for my password was highly suspicious too! At that point, it was like I had been slapped so hard on my wrist. My eyes widened and I was awake in a split second.
I rushed back to my mailbox and carefully read through the mail. Immediately I saw the strange email address, I cleared all my data off the form and closed the page !!!
After everything, I felt so unclever, but in a few minutes, I was laughing it off and thanking my lucky stars!
At least you have the excuse of drowsiness, lol..Thank God you didn't send it in the end, imagine what would've happened.
Deletefor some reason i would not have fallen for it because there are just too many mis-grammar's in there. Not capitalizing proper nouns consistently regardless of the proper flow of sentence structure. Failing to use simple word-processing to catch those silly mistakes indicated being too eager or rushing and unofficialness. They did try tho...if ATM and PLC were capitalized and there hadn't been a "failure can result *to* (as opposed to "in")..." i might have believed it.
ReplyDeleteGlad you escaped unrobbed! :)
I wouldn't really bank on grammar to separate official and scam mails in Nigeria. The people working for banks and the scammers probably went to the same underfunded schools. But yeah, thanks.
Delete"The people working for banks and the scammers probably went to the same underfunded schools."
DeleteThis sounds off.
I've received the same exact email before because i have a gtb account but i knew it was spam cos of the request of my pin. Good thing you didn't fall for it.
ReplyDeleteI'm glad you didn't fall too. Phew...
Deletethank God for you
DeleteThat was a close call Ms Myne, you shouldn’t feel bad about it, the email looks very legit. The best thing to do when dealing with Nigerian companies is to use their call center service; at least you will be doublely sure.
ReplyDeleteThanks for sharing.
Thanks 9jafoodie, I have resolved to do that, just that time difference is not my friend.
DeleteI fell flat for it and it was because i was not paying close attention to what I was doing. My savings account was moved to My current account and in a few minutes it all wiped out. I felt so foolish. I have not recovered fully from it.
ReplyDeleteThat is HARD! So terrible. I hope those who do these things keep meeting their nemesis.
DeleteAm so sorry about this, buh what is gtbank doing about it? is there any hope for your money?
DeleteI've never received these kind of mails before, but my dad receives them regularly and the funny thing is he doesn't even bank with gtb. Most times (when I can be bothered), I reply the sender by telling him to get a job!
ReplyDeletePiece of advice: Always look for two things
Mail address of sender
URL of website you are directed to. A webpage can be designed to be a clone of another and if you don't look properly, you might be fooled. So, please check the address bar of your browser.
Please and please never ever give out your PIN.
I know these things and it was the URL that tipped me off to go back and check the email. Thanks for sharing dear.
DeleteHi Myne, thank God your ESP (extra sensory perception) came up in good time, otherwise it would have been a whole lot of issues combined. However, I congratulate you in that smart move dear.
ReplyDeleteThank God for ESP o, lol, I used to boast about mine, these people almost disgraced me :)
DeleteCongratulations Myne. Glad yo didn't fall for it. One word of advice since I do everything online including banking: always type the correct address into the address bar of your browser. If it redirects you to a strange site, call the company.
ReplyDeleteI'm pleased in the end you didn't fall for the scam. I've not fallen victim to these scams before but like many people, I receive tons of email everyday of the type you were sent but I just delete it straightaway.
ReplyDeleteNo bank will ever ask you for personal details via email. If there's any issue, no matter how serious they'll phone you unless the bank itself is a fraud!
My advice to anyone is to invest in a very good anti-virus that has a robust anti-phising protection. Also ensure you check your bank account on a regular basis for any irregular activity.
Lucky you, I nearly fell for the GT bank scam too. It only clicked when I got to filling my pin and it was not coded that it clicked that it was a scam.
ReplyDeleteNow I just delete all mails asking me for any info, if the need anything they will call and ask you to come in to your branch, don't give out pins and sensitive info out o the phone too.
Seriously, no matter how brainy, how smart you are, anyone can fall for this SCAM as in literally.
ReplyDeleteThank God for you Myne.
Thank you for sharing.
It could have been worse.
I put unfamiliar emails through the grammar test and then the sensible sounding email address test (tell me a mail from CBN would originate from Hotmail,how dumb).
ReplyDeleteI remember this colleague who talked about a scam mail going around, with the scammer sending you the picture of a pretty girl purportedly staying with a Reverend Father in a refuge camp in either Mali or Senegal or somewhere else. The "girl" would tell you how she's enduring the camp and all sort of silly stuff. He said he replied one saying "if you look this nice and pretty staying in a refuge camp,then you don't need to leave that camp, you should stay there"...lol
Thank God it wasn't more than this. It is a lesson not just for you but for everyone who reads the posts and comments. I have an account with gtb though I havent noticed such mails cos it is connected to my gmail, I wont be shocked if i fall for it cos of distraction. Thanks for sharing now I am on alert.
ReplyDeleteI like GT banking system. Your posting is so nice.
ReplyDeleteit happened to me too,i don't even remember what they said that convinced me, and note, i have been using internet banking for over ten years o!, but i remember the site was so identical to the original GTbank site, it was when i clicked the link and started to fill, that i stopped dead in my tracks, email, password, pincode secret question,type a no from your token ..the works, i said..this can't be, so i took my time to fill in false information and made up pins etc and sent it,(i was so mad),the next page that showed was a genuine gtbank page, i imagine that i would have had no idea it was a scam till they had cleared all my money...i checked the source again,it wasnt't Gtbank of course but it was connected to the site,don't know how. I sent the link to all my friends to warn them because it looked so genuine ..don't worry you are not alone and we learn everyday.
ReplyDeleteI also receive such annoying emails! As soon as I see them I do not hesitate to hit the delete button!
ReplyDeleteThank God sha, that you did not "completely" fall for the scam!
How are you?
Thank God, you did not fall for it!
ReplyDeleteScammers!
I have fallen for this once, like 2 years ago but fortunately i had zero naira in the account. I'm sure the scammers cursed me.
ReplyDeleteI got the exact email a few days ago and i knew it was them this time. Once bitten, twice shy!
I suspect that someone who works at GTB is involved in this scam. However, it's not only GTB. I got a very official looking email from "Bank of America" the other day. And it was from an @bankofamerica.com address. However I knew that BOA would never request for my pin online. I usually never click on a link or attachment. Even when I get a notification that my statement is ready, what I do is type the bank name into google and go from there. The legit site is usually verified in the search results.
ReplyDeleteGlad you caught it before it was too late!
ReplyDeleteThese people just get trickier and trickier...
Hi, I saw this too and also almost got taken in by it.
ReplyDeleteI noticed that something seemed strange about it too!
In fact in the email that I received, the email address now appears VERY similar to the genuine gtbank one.
However I noticed that this one had an s at the end of bank - so it was
GeNs@gtbanks.com - VERY similar to the real gtbank email.
Without VERY close scrutiny it EASILY looks like the real email address!!
@ Jemima: I had a look at the source code of this html file and saw that the form action is "http://www.black-flag-racing.com/gtb/gtb.php". For those who may not understand or know about how html forms processing works, this means that the information you fill into the form fields are essentially collected and sent (by form action). So how it is then ending up on the real gtb site is that once the form info is collected the URL request is usually redirected to a "thank you" page - as you probably are aware.
ReplyDeleteExcept of course that in this instance these fraudsters have made it to redirect to a legitimate GTB page! Scary!!
This is my first comment on this blog. I hate to see people get scammed.
ReplyDeleteEveryone should be extremely careful online when they deal with financial services, be it paypal, moneybrookers, local/international banks, credit card payments, e.t.c.
My advice is; AT ALL TIMES, make sure you have your eyes fixed on the address bar!
The UI/design on a page could be anything, but the address/url would always let you know what page you're on.
The same goes to EMAILS, first thing to do if you receive any email from any financial institution is to check the sender's email address. It is important to know if you are being targeted for scam mails, so you know when to raise your paranoia level and be more alert.
Lastly, No financial institution will ever send you an email to reveal confidential details.However, assuming you do get an email with an email address from your financial institution, you should open your browser and type in your institution's url in the address bar to perform whatever task the email requires you to. Under no circumstance should you open any link in an email. Whether or not it's from your financial institution is out of the question. An employee at your bank could loose his email password to scammers or even conspire to scam you. If you must perform any financial transaction online, do not go through any link.
Yes my mum just got dupped of her 2 years pension of half a million naira tnx God she is in abroad and don't depend on it 4 a living. Exactly wat happened 2 u but this time u fill the form automatically online and submit it there and they built their website exactly like first bank website except that the url is somthing abt india lol I wish she knew of this ealier. Her nrn acct is ok tho.
ReplyDeleteA common way of stealing domain names is by sending a phishing mail to the registered email address asking the owner to verify his / her details or to login to their domain control panel through a link in the email. how to recover gmail deleted emails
ReplyDeleteThanks for such a great information and to provide us. We have the finest I mcafee certified technicians and If you're facing trouble in your mcafee antivirus software then just go through the link here. Click Here:- http://mcafeetechsupport.com/
ReplyDelete