I got an email allegedly from my bank, Wachovia (which absorbed First Union, which is where I created my accounts), telling customers we had to change our passwords for online banking, and asking us to go to a link that starts with wachoviaemail.com.
DANGER, WILL ROBINSON!
Of course, many many scams look like this, and the fact that the domain isn’t wachovia, but wachoviaemail, makes this really look like a scam.
A couple days later, a new email comes saying “It has come to our attention that there have been concerns about the legitimacy of this email and Wachovia would like to assure you that this was a valid email sent by us.” It also has a new URL, that goes to wachovia.com.
No shit, people really doubted its legitimacy?
When I go to Wachovia.com (typing it in, not clicking any link) and log in as normal, the message is there too. So it is legit, unless the domain also got hijacked (unlikely).
Kinda reminds me of the ABC News “breaking news” e-mail list. They send these things out with a title of “Breaking News” and a sender of “Breaking News”. I still can’t believe it’s not spam, every time I open one.
The fact that it was legitimate makes me consider that Wachovia is completely clueless about security. I would change bank immediately if my bank did something as stupid. Any legitimate email about online banking or similar should include only a link to the main site front page, plus details of how to navigate from there to the relevant section where an update is needed. Plus a suggestion that the user types the link themselves into their browser.