Information Security News mailing list archives
Private bank e-mail goes awry
From: InfoSec News <isn () C4I ORG>
Date: Thu, 6 Jul 2000 23:28:51 -0500
http://www.zdnet.com/zdnn/stories/news/0,4586,2598782,00.html By Bob Sullivan, MSNBC July 6, 2000 5:25 AM PT What do a tiny bulletin board service in Virginia and one of Spain's largest banks have to do with each other? Far too much. Jim Caldwell has been running Bulletin Board VA -- BBVA.com, for short -- for about four years, with a steady trickle of Web traffic. But last fall, when Banco Bilboa Vizcaya of Spain merged with Argentaria SA, the two formed BBVA. And ever since, Caldwell, in his tiny rural Virginia BBVA.com office, has been receiving hundreds of e-mails -- some with sensitive bank information destined for Spain. It's a case of mistaken identity, Internet style, and the story brings together a rural Virginia man who publishes a weekly shopper with a circulation of 10,000 and one of the world's 20 largest banks. Banco Bilboa Vizcaya Argentaria is an international banking powerhouse on the move; in addition to last fall's merger, it's also in the process of acquiring Bancomer SA, Mexico's second-largest bank. It's now listed on nine different exchanges and operates in 37 countries. But all this activity has raised at least one technological hurdle, which points out some of the perils of business communication in the Internet age. Apparently, hundreds of bank employees and outside vendors have mistakenly assumed that, since the bank is now known as BBVA, any e-mails sent to employees should end in "@bbva.com." 'When all this e-mail started coming in I didn't know who to contact. I didn't know who to talk to. To me it is beyond the stage of being funny.'|Jim Caldwell But instead of landing with the right person in Spain, they land on Jim Caldwell's e-mail server -- between 50 and 70 messages a day, every day since October, and he's not happy about it. "When all this e-mail started coming in I didn't know who to contact. I didn't know who to talk to," he said. "To me it is beyond the stage of being funny." That's because Caldwell says he's receiving confidential notes that are intended for bank officials. He's shared several of the messages with MSNBC -- many are harmless general correspondence, but at least a few contained bank account numbers and amounts, some attached to account adjustment requests from customers. "These people are walking around with a hand grenade with the pin out," Caldwell said. Ironically, the problem has come to light only months after the bank announced plans to develop a multimillion-dollar international Internet banking initiative. "I'm concerned something is going to happen, and I don't want to be standing in the middle. Somebody is going to get hurt before this is over with in a major fashion. I don't want to be made responsible for that." Bank merger talks revealed The most interesting piece of e-mail viewed by MSNBC was a note from an employee at Credit Suise First Boston dated June 22 offering to broker a deal in which Banco Bilboa Vizcaya Argentaria would acquire Brazilian financial institution Banco Bandeirantes from Caixa Geral de Depositos. It is not known if the bank is actually interested in such a deal, and bank officials would not comment. They did confirm the ongoing mishap, however. "The mistake is in our side," said Jesus Pertejo, manager of international corporate communications for the bank. "People are lazily saying if this is BBVA bank it must be bbva.com. We have 50,000 or 60,000 people, and we have to get the message out to use the correct address." The correct domain name, at the moment, is grupobbva.com, but the bank is in the process of switching to bbva.es, the top-level domain reserved for Spanish Web sites. According to Caldwell, there have also been brief negotiations about the bank acquiring the bulletin board's domain name. Pertejo said he was unaware of any talks that may have taken place; he added that he didn't think Caldwell was cybersquatting. Understandably annoyed "I know they have been operating for several years," he said. "We know that they are in some way angry. This is because they are fed up with receiving messages destined for everyone in the bank." And it's that anger that convinced Caldwell to go to the press -- not a desire to drive up the price of the domain name, according to Caldwell. He's endured the e-mail deluge for nearly nine months and says he's gotten nowhere by directly contacting the bank. "There're ignoring me, and I'm deleting them," he said. He wouldn't estimate how much the extra Web traffic and e-mail have cost him, but says he can spend up to two hours a day clearing out his e-mail server. He's also received several viruses from misdirected bank e-mail. Bank officials in Spain told MSNBC they are in the process of contacting Caldwell in an attempt to clear up the situation. But Caldwell, who says he first tried to complain to the banks months ago, is doubtful there will be a quick solution. "If they had come and talked to me, had approached me directly and told me what was going on, well, I probably would not have wanted to sell (the domain)," he said. "But had they persisted, they would probably have gotten it a lot cheaper than they will now." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Private bank e-mail goes awry InfoSec News (Jul 07)