(Pieter Musterd image.)

My bank, a small, local institution, posted the following on its website this week:

Today (11/5/2009) around noon SBSU was targeted by a cell-phone text messaging scheme. The bogus message claims that your "ATM card is suspended" and asks you to call a 1-877 phone number and input your card information. While these attacks concern us, we trust that you recognize a phishing scheme when you see one. Criminals want your entire card number, expiration date and PIN, which is everything they need to go on a spending spree. You should know that we will never ask for all of that information. If you do happen to be called by a legitimate bank employee or our fraud control system, we will provide bits of information to correctly identify you, such as partial card numbers or recent transactions. We will not ask for your entire card number, expiration date and PIN.

It seems fraudsters get ever more sophisticated— and target even smaller pools of potential victims.  Text messaging likely customers of a local bank?  That seems like a lot of work with little return on investment likely.