I received this phishing email today and it nearly suckered me because I use a fairly small regional bank, so I never expected something like this. However, just as I was about to comply, I checked the URL. It matched. Not sure how they managed that. Still, the more I thought about it, the more it stank. So I went back and checked the email headers and looked up the originating IP address.
I didn’t really have to do that though. All I really needed to do was mouse over the link I clicked on. That told the whole story. THAT was bogus. So I then forwarded it to the US Dept of Homeland Security phishing email address: phishing-report@us-cert.gov
In my defense, that crap about authentication did sound bogus, but I’m not a security expert so I wasn’t going to call bullshit. But I guess on some level it got my spidey sense tingling.
That’s alarming. In the olden days it was usually the case that the phishing emails contained spelling, grammar, or syntax errors. Guess they’ve hired some good editing help.
I hope that the Dept of HS does something with the information.
Have you notified the actual bank? The scammers may well have hacked into their system (since they knew you were a customer).
Or, they just send it to everyone and the people who don’t use the bank delete it because they assume it’s junk or a scam (because it’s not their bank).
Ah, that’s the thing. The first giveaway was, and I should have caught this, that it didn’t have my name.
I have no idea who to contact at the bank and it was after hours anyway - no accident I’m sure. I sincerely hope HS takes care of that. I would like to think that at least some govt depts can be counted on to do their jobs. I’ll try to follow up tomorrow but I imagine some damage will be done by then if not.
Or it just looks like the right address but isn’t. u2bank.com, etc. In the middle of a long jumbled URL, you very well might not notice something minor like that.
Also, most of the time I’ve seen emails like this, the link that leads to the phishing site is fake, but all the other links in the email are actual, legit links that go right to where you’d expect them to go.
I just went back to double check and it’s definitely the correct URL, but you know what? I have the LastPass plugin and IT could tell the difference since it only filled in my id on the legit site. That’s some scary shit.
edit: It’s a multipart login and the first part consists of only your id. That’s why when you get to the scam site they tell you not to expect any of the normal security checks (I didn’t mention that - forgot that wasn’t in the email)
I rarely click on any business link, I tend to go to my bookmarks and go to the site that way. If I can’t seem to find whatever deal or offer or questionnaire on the site that way, I shoot an email to the corporate spam address asking if the email was legit, or I will use the contact phone number in my phone’s phonebook to call a known contact number.
I’m assuming the link displayed correctly in the email, something like www.bbc.co.uk but the actual destination link (which you can only see when you mouseover the link) was www.phishing.com.
It’s trivial to fake a link; you can even do it here on the board: http://www.bankofamerica.com. You have to mouseover in order to see where the link leads you, and sometimes they’ll include the bank’s name in the URL, like www.bankURL.com.fakesite.com
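The two tricks described in the last few posts (display text that says one site while the href points at another, and the bank’s name buried as a subdomain of someone else’s domain) are both mechanical to catch if you look at the href instead of the text. The script below is an added example, not code from this thread or from any password manager; the email body it parses is constructed for illustration, and the `.example` hostnames and the `bankofamerica.com` trusted domain (reused from the post above) are placeholders.

```python
"""Audit the anchors in an HTML email for display/destination mismatches.

Added example, not code from the thread. The email body below is constructed
for illustration; the domain names are placeholders, not real phishing sites.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a spoofed link, a "bank name as a subdomain" trick,
# and one genuinely legitimate link, as described in the thread.
SAMPLE_EMAIL_HTML = """
<p>Dear customer,</p>
<p>Confirm your account at
<a href="http://login.phishing-site.example/auth">www.bankofamerica.com</a>.</p>
<p>Or use the secure portal:
<a href="https://www.bankofamerica.com.fakesite.example/secure">Secure login</a>.</p>
<p>Read our <a href="https://www.bankofamerica.com/privacy">privacy policy</a>.</p>
"""

# Visible link text that itself looks like a URL or a hostname.
HOST_LIKE = re.compile(r"(?:https?://)?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+(?:/\S*)?")


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_host):
    """Lowercased hostname of a URL or bare host string ('' if none)."""
    s = url_or_host.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def registrable(host):
    """Last two labels of a host. A real tool would consult the public
    suffix list (co.uk etc.); this shortcut is enough for the demo domains."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def audit_links(html, trusted_domain):
    """Return [(href, verdict)] with verdicts 'mismatch', 'lookalike' or 'ok'."""
    collector = AnchorCollector()
    collector.feed(html)
    results = []
    for href, text in collector.anchors:
        target = host_of(href)
        shown = host_of(text) if HOST_LIKE.fullmatch(text) else ""
        if shown and registrable(shown) != registrable(target):
            verdict = "mismatch"   # text names one site, link goes to another
        elif trusted_domain in target and registrable(target) != trusted_domain:
            verdict = "lookalike"  # bank name buried inside someone else's domain
        else:
            verdict = "ok"
        results.append((href, verdict))
    return results


if __name__ == "__main__":
    for href, verdict in audit_links(SAMPLE_EMAIL_HTML, "bankofamerica.com"):
        print(f"{verdict:9s} {href}")
```

The check only looks at the href, never at what the email says about itself; the privacy-policy link comes back `ok` precisely because, as the post above notes, phishers usually leave the other links genuine.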
Good rule: never go to a website unless it is clear the sender knows you. Never.
The one time I got a legitimate email from a bank, the instructions were to call the number on the back of the bank card.
Since they did include a phone number, what would have happened had they called you? I understand that there is some way of dialing an 800 number and being switched to a 900 number. How does the phone company permit that?
I consider myself pretty savvy on this sort of thing but I almost fell for something the other day over the phone. Got an automated call from an 800 number saying that it was Verizon calling about important changes to our account. They even asked for my mother by name and then gave us another number to call in regards to these changes. And the reference number was my phone number. I thought that was a little strange, but since I’m part of my parents’ family plan, I just gave my dad the message. Luckily, he looked up the phone number and discovered it was a scam. I felt a bit stupid for not catching it myself.
As was mentioned, the text link was good but the mouseover was fake. However when you actually went to the fake link, the URL in the address bar was IDENTICAL to the correct address. That was new. Usually it’s a knockoff type address. This was exact. However LastPass could tell the difference so I’m guessing there must be some non-printing characters or something.
That’s interesting. A fake address bar, maybe? I thought they had managed to use JavaScript to display a fake mouseover address (Google does that for search results; the actual URL is a google.com address, but when you mouse over it displays the target address).
Why on earth, when the Internet and its protocols (WWW or whatever) were being built, would anyone have said “yes” to permitting non-printing characters in URLs???
I suppose this may be a separate discussion, but I’m really curious. Also, as was asked earlier, why would it be possible for someone calling a free-of-charge 800 number to be switched, without their knowledge, to a charge-per-minute 900 number? Who, at what point in the coding of the system, okayed that as an option?
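The LastPass observation a few posts up and the question about non-printing characters come down to the same point: a password manager matches the exact hostname it saved, not what the name looks like on screen, so a name containing a zero-width character or a Cyrillic letter shaped like a Latin one prints identically yet is a different domain. The script below is an added example, not code from this thread or from LastPass; the trusted domain reuses the `bankofamerica.com` placeholder from earlier in the thread, and the confusables table is a tiny hand-picked subset of the Unicode confusables data, both assumptions.

```python
"""Show why a host that prints identically can still be a different domain.

Added example, not code from the thread. The trusted domain reuses the
bankofamerica.com placeholder from the thread; the confusable table is a
tiny hand-picked subset of the Unicode confusables data, not the full list.
"""
import unicodedata

# Hand-picked subset (assumption): Cyrillic letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}


def hidden_chars(host):
    """Code points a reader would not see or would misread: format characters
    (zero-width space, joiners, ...) and non-ASCII letters that mimic ASCII."""
    out = []
    for ch in host:
        if unicodedata.category(ch) == "Cf" or ch in CONFUSABLES:
            out.append((f"U+{ord(ch):04X}", unicodedata.name(ch, "?")))
    return out


def skeleton(host):
    """What the host looks like to a human: drop format chars, NFKC-normalise,
    swap known confusables for their Latin look-alikes."""
    cleaned = "".join(ch for ch in host if unicodedata.category(ch) != "Cf")
    cleaned = unicodedata.normalize("NFKC", cleaned)
    return "".join(CONFUSABLES.get(ch, ch) for ch in cleaned).lower()


def ascii_form(host):
    """The name the resolver actually sees (IDNA/punycode), or None if invalid.
    Python's codec implements IDNA2003; browsers apply IDNA2008/UTS #46 rules,
    which treat some format characters differently, so this is illustrative."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def inspect_host(host, trusted):
    """Classify a hostname the way a password manager's exact-host match would,
    then explain a near miss."""
    if host == trusted:
        verdict = "exact"
    elif skeleton(host) == trusted:
        verdict = "lookalike"
    else:
        verdict = "unrelated"
    return {"host": host, "verdict": verdict,
            "hidden": hidden_chars(host), "wire_name": ascii_form(host)}


if __name__ == "__main__":
    trusted = "bankofamerica.com"
    for h in ("bankofamerica.com",
              "b\u0430nkofamerica.com",     # Cyrillic small a in place of Latin a
              "bank\u200bofamerica.com",    # zero-width space inserted
              "www.fakesite.example"):
        r = inspect_host(h, trusted)
        print(f"{r['verdict']:9s} {r['host']!r:30s} wire={r['wire_name']} hidden={r['hidden']}")
```

The `wire_name` column is the part worth staring at: the Cyrillic variant goes out on the wire as an `xn--` punycode label, which is what a password manager compares against its saved entry, while the screen shows the familiar spelling. That is the exact-match behaviour, not any cleverness, that stopped the autofill.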