Northwoods Bank customers who did online banking in a 14-minute timeframe Thursday, May 25 may be the victims of a phishing attempt, says bank president Roger Stewart.
"Phishing" is a term meaning a fraudulent Web site is created by a third party that may or may not mirror one similar to an authentic site, often a bank. Personal data such as ATM, PIN and Social Security information is requested from customers and stolen.
Stewart emphasizes that customers' "exposure is extremely limited. We know no information was given out through the Internet banking site."
The Web site host, Goldleaf Technologies of Brentwood, TN, is a site different from Northwoods' Internet banking site, which contains account information.
When customers visit northwoodsbank.com or north woodsbank.net, they are asked to log on with a username and password, which are requested only once. They are then directed to the Internet banking site, hosted by Informational Technologies Inc., says Stewart. That site was not affected by the phishing attempt.
ADVERTISEMENT
Between 2:36 and 2:50 p.m. May 25, customers using an Internet Explorer browser who were logging on to the Northwoods Bank site were then redirected to a phishing site, which asked again for the customer's username and password, as well as Social Security and ATM information. Stewart says the Northwoods Bank site never requests that information.
"If someone did that, they could have some exposure," Stewart says. "There was enough evidence to disconnect to all Web site clients at 2:50 p.m." He assures the proper security and law enforcement measures were taken by informational technology staff at Goldleaf, and the site was up and running again at 5 a.m. Saturday, May 27 when the site was deemed secure.
Stewart sent an e-mail to Northwoods Bank customers Wednesday informing them of the phishing attempt and the proper measures to take if they may have been affected.
"We felt it was necessary to tell everyone there was a chance they could have given out information," Stewart says.
Customers who believe they may have logged on to the site between 2:36 and 2:50 p.m. May 25 must first contact their credit card company and then Northwoods Bank at 732-7221 or 800-450-2265, says Stewart. The bank will watch the customers' accounts and change their username and password. He recommended in his e-mail, however, that all online banking customers change their passwords.
Goldleaf chief executive officer Lynn Boggs said in a press release, "We have identified and corrected the problem. In addition to contacting our customers, we have communicated with our vendor partners, regulators and law enforcement authorities. We are fully operational and diligent in our security efforts."
Stewart says it is not possible to identify who was in charge of the scam. About 250 bank sites nationwide were affected by the phishing attempt.
This is the first phishing attempt in the site's 10 years in operation, says Stewart.
