How I almost fell for a GTBank Email Scam

If anyone had asked me about my vulnerability to bank email scams two weeks ago when I received and trashed a GTBank Scam Alert email, I would have scored it zero. When it comes to phishing scams where you are supposed to go somewhere and fill in your details, I considered myself sophisticated and above all that. I used to think, I've been doing this internet thing for ten years now, they can't get me.

Well last weekend, they almost did. I had recently opened a GTBank Non-Resident account which I could use from here through internet banking and had little complaints. Funny enough, I had mentioned to Atala that I felt they were too security conscious. Logging into my account online was like going down to the bank vault, there were so many locks and bolts, pincodes, passwords, secret questions, tokens, took almost 5mins and compared to the one-minute transaction on my account here, I was chaffing.

So you can understand why when two weeks ago or so, I recieved a scam alert email from GTBank that read something like the one below, I moved the email to trash immediately, thinking to myself, these people have come again.

Our attention has been drawn to mails being sent out by fraudsters, requesting for such sensitive information as Internet Banking Account and ATM Card Details. Some of these mails also request that customers update their account records by clicking on links to fake Internet banking and Interswitch websites. You are hereby advised to ignore these mails and Do Not respond to them; as such mails were not initiated by Guaranty Trust Bank plc or Interswitch. 

I was to rue my blase attitude mere days later. Now, let me give you some background. I have a couple of emails for personal use, one I use solely for official purposes and the other for more personal stuff (this-and-that). I am sure you can guess I opened the account with the official one. Well, since I opened the account my this-and-that email has been flooded by GTBank related phishing emails. Unfortunately for the senders, Gmail shunts them immediately to the Spam folder, from where I send them to the hell where failed scam go.

So how come I was almost duped?

Good question.

What happened this time was that the scam email was sent to my 'official' email address. Not only that, it was sitting pretty right there in my inbox. Add to that, it appeared to come from GTBank, and not with the same ruse as the ones I had previously received. And their tactic played into my fears. Instead of simply asking that I verify my account by clicking a link, it said my account had been suspended.

Dear Valued Customer,

We regret to inform you that access to your GTBank Online Account and Atm Card has been temporarily limited due to several failed log-in attempts. To restore your account please log in correctly by downloading and Filling the Customer Security Update form attached to this message. After downloading follow the directions for instant activation of your account and Security information. NOTE: FAILURE CAN RESULT TO PERMANENT ACCOUNT SUSPENSION.

Security Advisor
Guaranty Trust Bank © 2012.

There was no frills and thrills so my mind thought, this must be real. Since I hadn't used my account in a few days, I was wondering, who could have tried to access my account? They must have been the scammers I had been warned about. I told myself I had to act quickly.

I downloaded the form, and clicked it open to fill it in with my details.

That was when reality hit me. I felt like someone poured cold water on me. At that moment, I could guess how people felt who had been duped - my cousin rushed home from the market, took all the money at home and handed it over to some stranger. It only dawned on her while she was recounting this amazing opportunity to another person that she had been duped.

For me, those few minutes it took to read that email and download the document, it was like I had a veil over my eyes. Opening the document stripped it off. With BELLS. Reason being;

1. It was an online form - but with file///
2. It was asking for everything - in addition to bank details, it wanted my phone number, email address and email password

As the alarm bells clanged in my head, I took a deep breath and let it out. Leaving this document open, I went back to the email and expanded the details of who it had come from. What do you know, that GTBank front name belonged to email address

I laughed at myself and shook my head saying to myself, "Myne, no one is above phishing scams, be careful." This is to you guys out there. Always check out where your emails are coming from, and in the words of the GTBank Scam Alert email;

Please note that your Internet banking account, your ATM Card details and PINs are confidential to you and must not be disclosed to anyone. Guaranty Trust Bank plc and Interswitch Nig. Ltd will never request for your ATM card details or your PINs.

I almost didn't share this post cos I felt so stupid, but Atala changed my mind. Has anyone else been in the same boat with me? I do hope no one has been duped for real but if you have please share so we can all keep learning. Have a great week and thanks so much for the comments yesterday. I will keep you updated.