Home Archive Merrill Lynch Phishing Scam

Merrill Lynch Phishing Scam

by Brett M. Christensen

Outline:
Email purporting to be from Merrill Lynch claims that customers must urgently login to their accounts and provide five personalized security questions.


Brief Analysis:
False

Example:
Subject:Urgently! MERRILL LYNCH BUSINESS CENTER customers pay attention

Merrill Lynch Enhanced Security Authentication

We have enhanced the Merrill Lynch Business Center security access to further safeguard access to your account information. Click on the hyperlink below and follow the prompts to answer and record answers to five personalized security questions. We may, in the future, ask you for answers to these questions when you log into the Business Center to ensure that only you are accessing your account information.

By clicking the link below and/or by using the Merrill Lynch Business Center website (“site”), you: Login by clicking here: [LINK TO BOGUS WEBSITE REMOVED]

I. Represent and warrant that you are authorized to accept the Merrill Lynch Business Center Terms & Conditions and use the site on behalf of yourself and your employer and in doing so you are acting within the scope of your duties and II. Accept the Merrill Lynch Business Center Terms & Conditions on behalf of yourself, agree to be bound by them.



Detailed Analysis:
Recently, phishing scammers have again targeted financial institution, Merrill Lynch. An “Urgent” email message claims that Merrill Lynch customers must click a link and “follow the prompts to answer and record answers to five personalized security questions”.

However, the message does not originate from Merrill Lynch. Following the link in the message opens a bogus web page designed to resemble the genuine Merrill Lynch website. Victims who fall for this ruse may be tricked into providing their username and password as well as other private information. This information can then be collected by scammers and used for identity theft and fraud.

In order to make the message appear more legitimate, the scammers have added a seemingly official terms and conditions acceptance clause to the bottom of the email.

Merrill Lynch has published a statement on its website warning customers about such phishing attacks. The statement notes:

Recently some Merrill Lynch clients have reported receiving fraudulent e-mails that appear to be from Merrill Lynch but which have, in fact, been sent by imposters. How can you tell the difference? Fraudulent e-mails typically include website links, and or request you to provide personal information.

Merrill Lynch has not and will not initiate a request for sensitive information via e-mail.

In fact, no legitimate financial entity is likely to request sensitive personal information via an unsolicited email. Be very wary of any requests for personal information that arrive via email and claim to be from a bank or other financial institution. Do not click on any links in such emails or open any attachments they contain. These fraudulent emails and websites may appear virtually identical to genuine company messages and websites.


Last updated: 24th October 2007
First published: 24th October 2007
By Brett M. Christensen
About Hoax-Slayer

References
Be aware of fraudulent e-mails
Phishing Scams – Anti-Phishing Information

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer