Thursday, November 19, 2009

Poor Phishing


These show up now and then, though my server's spam filter usually catches 'em. The first line offers a clue. The image looks pretty good at first glance. Until you read it:

"Because of unusual number (sic) of invalid login attempts on your account, we had (sic) believe that their (sic) might be some security problems on your account."

No shit?

When you make three spelling and grammatical errors in the first line of your phish email, it doesn't make you look really clever. As inept as the U.S. banking system has been of late, I can't believe they have fallen quite this low ...

Don't ever give anybody your banking passwords online. Your bank knows better than to ask, and anybody who does is trying to scam you.

Here's what the real B of A has to say about it:

Some things to keep in mind regarding fraudulent emails:

  • Unlike phishing emails, we will never ask you to verify personal information in response to an email
  • Most fake communications convey a sense of urgency by threatening discontinued service
  • Many fraudulent emails contain misspellings, incorrect grammar, and poor punctuation
  • Links within the fake email may appear valid, but deliver you to a fraudulent site
  • Phishing emails often use generic salutations like “Dear Customer,” or “Dear account holder” instead of your name
  • The address from which the email was sent is often not one from the company it claims to be.
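
The checks in the list above that can be mechanised (sender domain, generic salutation, urgency wording, link text that does not match its target), written as Python. This is an added example, not code from the original post or from the bank; the `.example` domains, the sample message and the function names are constructed for illustration, and the spelling and grammar check is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample message (not a real email); .example domains are placeholders.
SAMPLE = """\
From: "Bank Security" <alerts@bank-notice.example>

<p>Dear Customer,</p>
<p>Because of unusual number of invalid login attempts, access will be suspended.</p>
<p><a href="http://login.bank-notice.example/verify">www.bank.example</a></p>
"""
PATTERNS = {"generic-salutation": re.compile(r"dear\s+(customer|account\s+holder)", re.I),
            "urgency": re.compile(r"\b(suspend|discontinu|invalid login)", re.I)}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Return the lower-cased host part of a URL or bare host name."""
    m = re.match(r"(?:https?://)?([^/:\s]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def phishing_indicators(raw, brand_domain):
    """Return the names of the indicators found in a raw single-part message."""
    msg = message_from_string(raw)
    body, found = msg.get_payload(), []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_host != brand_domain and not sender_host.endswith("." + brand_domain):
        found.append("sender-domain")      # sent from outside the claimed company
    found += [name for name, rx in PATTERNS.items() if rx.search(body)]
    parser = LinkCollector()
    parser.feed(body)
    # Link text that looks like a host name but points at a different host.
    if any("." in text and " " not in text and host(text) != host(href)
           for href, text in parser.links):
        found.append("link-mismatch")
    return found
```

Calling `phishing_indicators(SAMPLE, "bank.example")` reports all four indicators for the constructed message; a hit is a reason to look closer, not proof of fraud.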

5 comments:

Jens Altmann said...

I particularly like those phishing attempts that claim my account is compromised --

-- at a bank with which I don't do any business.

On top of the poor spelling.

Brad said...

I've gotten both, bank I use and banks I've never had and never will have accounts at. I usually try and send a polite email thanking them for their concern, right before I tell them to pound salt. Of course, I use far saltier language.

Anonymous said...

Hi! Do you know where I could report phishing emails? I have been getting emails from a certain perlapobjie@gmail.com who kept asking for addresses and pictures.

jks9199 said...

There's a federal site; I think it's on the FTC pages. You can also report it to Google for the misuse of the gmail account.

jks9199 said...

This page contains a set of links to report phishing attempts:
http://www.us-cert.gov/nav/report_phishing.html

Another thing you can do is notify the real place, like if it's Bank of America, contact them. Often there's a link to their security site on their homepage.