GETTING PHISHED? IT DOES HAPPEN HERE!

For community bankers who believe that phishing, pharming and other weirdly-spelled Internet nasties are confined to banking behemoths like Citi, Washington Mutual and Chase, think again.

At 10:30 Friday morning, August 26, a $648M community bank in Massachusetts was phished by Romanian hackers. The scam launched emails from a computer system belonging to a school library in Texas and directed recipients to a fake web site hosted in Brazil. The Brazilian page attempted to collect personal information for the criminals in Romania.

Alert customers and quick thinking by the bank’s web hosting service stopped the scam by early Friday afternoon. Yet 45 minutes later, the fake site was back in business. The bank published a prominent message on its legitimate web site alerting customers to the scam, and a third-party security firm was engaged to shutter the fake site for good.

What can a bank do in the face of such an attack? Obviously, the attack mechanism must be found and disabled. But the Internet is a frighteningly vast place to find anything, let alone the criminals who are attacking your web site!

Fortunately, users of the bank’s web site alerted the bank to the scam and submitted the phishing emails for review. Some weren’t even customers of the bank – although they had received the phishing emails.

The bank’s hosting service then used information in those emails and a log of all web activity for the bank’s web site to discover the critical information that led to the scam’s demise by 12:13 on the day of the attack.

The phish used graphics from the bank’s legitimate web site to fool potential victims. But requesting graphics without requesting a page is a powerful sign to Internet sleuths that something is amiss. When the host’s sleuths checked the logs for solo graphics requests, they learned the country of origin, the planning timeline, and the staging areas for the attack. Subsequent research quantified the number of customers who viewed the phishing message and even the data submitted by the one visitor duped by the phish.
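The log check described above can be sketched as follows. This is an added example, not the hosting service's own tooling. It assumes the web server writes the Apache/nginx "combined" log format, and the host name `www.bank.example`, the IP addresses and the log lines are constructed for illustration. Flagging off-site Referer values goes one step beyond the column's description.

```python
import re
from urllib.parse import urlparse

# Assumption: "combined" access-log format; the column does not name the format used.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png")
OWN_HOSTS = {"www.bank.example"}  # hypothetical legitimate site

# Constructed sample log lines (documentation IP ranges, .example hosts).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2000:09:58:01 -0400] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Oct/2000:09:58:02 -0400] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://www.bank.example/" "Mozilla/4.0"
203.0.113.45 - - [10/Oct/2000:10:31:10 -0400] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://fake-host.example/login.html" "Mozilla/4.0"
203.0.113.46 - - [10/Oct/2000:10:33:42 -0400] "GET /images/logo.gif HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
"""

def solo_graphics_requests(log_text):
    """Return (ip, timestamp, path, referer_host) for image hits from clients that
    never requested a page, or whose Referer names a host other than our own."""
    pages_seen, image_hits = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m["method"] != "GET":
            continue
        # Simplification: any non-image GET counts as a page view for that client.
        if urlparse(m["path"]).path.lower().endswith(IMAGE_EXT):
            image_hits.append(m)
        else:
            pages_seen.add(m["ip"])
    findings = []
    for m in image_hits:
        ref_host = urlparse(m["referer"]).hostname  # None for "-" or empty
        offsite = ref_host is not None and ref_host not in OWN_HOSTS
        if m["ip"] not in pages_seen or offsite:
            findings.append((m["ip"], m["ts"], m["path"], ref_host or "-"))
    return findings

if __name__ == "__main__":
    for finding in solo_graphics_requests(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The earliest flagged timestamp and the distinct Referer hosts are the values to hand to whoever is pursuing the takedown.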

This scam started two weeks earlier with downloads of forms and graphics from the legitimate web site. On the morning of the attack, the phishers reviewed the legitimate site one more time to check for last minute changes. Then they tested their scam by submitting blank forms to the legitimate site. Minutes later, the phishing emails were distributed and recipients began to alert the bank.

Additional research of the scammers’ forms showed they were using a template and filled in blanks for the bank’s logo and name. The same template had been used to phish users of eBay, PayPal, Washington Mutual, LaSalle Bank and SkyOnline.

The incident underscores the importance of informed, vigilant customers who are committed to helping the bank stop fraud. It also reinforces the need for quality web hosting services that pursue scams until they are shut down.

Here are four steps you can take to prevent your bank’s web site from becoming a phishing target:

  1. Enlist your customers in the fight against phishing and other Internet scams. They are your early warning system and will help you collect the information to stop the attack.

  2. Pay attention to your customers’ emails. Don’t let your customers’ warnings fall on deaf ears!

  3. Many attacks occur just before or during a weekend. Assign someone to monitor your site and your customers’ emails during those vulnerable times.

  4. Develop an Internet disaster test to see how quickly your hosting service can respond to an attack.

You should know that approximately 12,000 phishing exploits are active as you read this column. If you have a web site, be prepared to protect it.
 
