Colonial Bank is not in Djibouti

Colonial Bank
Djibouti lies in northeast Africa on the Gulf of Aden at the southern entrance to the Red Sea and according to the bank’s staff here in St. Augustine, Colonial Bank doesn’t operate there.

None the less, the following e-mail was received by Historic City News and Media this morning from a local Colonial Bank subscriber:

Secure Server e-Cert & Developer e-Cert.Connection-Colonial Bank

Connection – Colonial Bank Renewal (Last Notice!)

Certificate Renewal
Personal (Smartcard) e-Cert & Personal e-Cert
Certificate owner must renew the certificate before expiry date.

Your certificate expiration date – 18 may 2008.

The system will send email (Certificate Renewal Notice) to the certificate owner ten hours before the certificate is due to expire, if it has not been renewed.

Upon receiving the renewal notice, certificate owner is required to connect to Colonial Bank Certificate Management System and present the client certificate.

Secure Server e-Cert & Developer e-Cert

Certificate owner has the responsibility to renew the certificate before expiry date.

Successful renewed application will receive an email notification from Colonial Bank.

Applicant can just browse to the URL stated in the email and then download the certificate.

Download now>>

2003-2008 Colonial Bank, N.A.

The “Download now>>” text is actually a hidden hyperlink that refers those gullible enough to click it to an address (URL) in Djibouti. The URL is so long that it appears authentic and the top level domain “.dj” is not commonly seen by victims of this Internet phishing scam, so it may be innocently clicked – especially by Colonial Bank customers who receive the e-mail.

Be suspicious if you receive any unexpected e-mail from a financial institution, especially if you do not have an account relationship with them.

In this case, if you are a Colonial Bank customer and you replied to an e-mail of similar appearance, contact the bank’s Fraud Department.