DATE: June 8, 2006
TO: Washington State Department of Financial Institutions
SUBJECT: Phishing Scam
Kitsap Bank was the subject of a phishing scam on Wednesday, June 7, 2006. This scam was conducted using a false security that appeared to have been emailed by Kitsap Bank.
The scam came to light when a non-customer called Kitsap Bank's Bonney Lake office and talked to a Senior Operations Officer. She requested him to email the survey to her and she in turn emailed it to Bank management.
The phishing exercise was structured so that people were requested to complete a survey on the adequacy of Kitsap Bank services. If they completed the survey, they would receive $5.00 via credit to their Kitsap Bank account. The site asked for the customer account number, “expiration date” and PIN. To our knowledge, only three non-customers responded questioning the survey.
At the same time, IT management went to work having the originating site shut down. Messages were also placed on the Bank’s website and on the internet banking site notifying customers that this survey was not originated by Kitsap Bank. By 3:00 PM, the site was shut down and no longer accessible.
At this time, we know of no customers that have been impacted by this scam. However, all staff have been told to be on alert for possible fraudulent activity. If you have any questions, feel free to contact Kitsap Bank at 360-876-7800.