I regularly get phishing email from one bank name or t’other, and since I don’t have accounts at most of them, I can ignore the junk pretty easily. But last week I got one ostensibly from a bank where I do have an account. Legitimate-looking graphics, ads for mortgages, warnings about identity theft, the usual stuff. But moving my mouse over each underlined link showed the actual address behind the link to be something other than the bank site, usually a dead giveaway as to bogusity. Investigation showed the true address was a bulk mailing firm, although I couldn’t tell if that was really who sent it. Ha! So I stored it in my “interesting junk” folder.
Then I thought it might be a good idea to let my bank know, so I called them and was put in touch with their security site. On request, I forwarded the email to them. A short time later I got a return call. She said, “That was a legitimate email from us. Bulk mailers do our advertising.” :eek:
Well, that takes the cake. A bank is paying a spammer to send out emails that look like phishing! All I can say is if ever one of their customers gets caught and loses some money to a real phisher, the bank can take part of the blame for educating their customers in how to be so trusting.
What a stupid idea! Anyone else get spams from their bank?
I actually got one from my bank that asked me change my online banking username and password! And the URL of the link it gave wasn’t www.(bank).com, it was something like www.(bank)-verify.com! Of course I assumed it a phishing attempt and deleted it.
Then I got another where they admitted the previous email looked bad, and changed the URL to www.(bank).com. I manually typed in the proper URL for my bank (NOT clicking any link in the email), the same URL I always use for online banking, and sure enough they really did need us to change our passwords. They changed format from username+id number+password to just username + password.
I also verified via phone, just in case. Unless they hijacked both my browser and the phone number in my last paper statement, this was legit.
But damn! They couldn’t have made it look more fake if they tried.
My credit union is guilty of handing over credibility to phishing schemes as well. I recently got an email from them, saying I had been preselected for a survey. All the hallmarks of a phishing scheme, including the link to an unrecognizable server. I assumed it was fake, but it turns out it’s a real customer satisfaction survey, run by a third party firm contracted by the bank. It’s hard to understand the mentality behind this – how on earth can people be so clueless. Makes me a little afraid for my money …
It seems these people are just one step behind the market. By the time they get around to using email as a marketing tool, it’s too dangerous for that purpose, but being one step behind, they forge right ahead.
Maybe they’re related to the people who write the software that bounces undeliverable messages back to the address it supposedly was sent from, flooding innocent parties. Clueless is right.
Yeah, it’s weird. There seems to be a trend amongst legitimate companies to spell and punctuate badly, capitalize little, express concepts poorly, use HTML in emails, and copy and paste chunks of Captain Blood[1].
Maybe spam is so prevalent that you have to look like it or morons WON’T click on you??[2]
I got a similar email from ETrade. I was suspicious because the links in it looked like www.etrade1.(something random).com. But aside from that it was INCREDIBLY convincing. So I called up etrade customer service, and the woman there had never heard of it. So I forwarded it to their service department.
Then a few days later, I get an email back saying that it was, in fact, genuine.