I fear for the gullible user
I received this email from "Bank of America". It is obviously a phishing attack, but it sounds so legitimate and straightforward that I can easily see lots of people (including some I know) falling for it. Scary, look: even the URL looks real:
Dear Customer:
Recently there have been a large number computer terrorist attacks over our database server. In order to safeguard your account, we require that you update your ATM/Debit card PIN.
This update is requested of you as a precautionary measure against fraud. Please note that we have no particular indications that your details have been compromised in any way.
This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.
Please make sure you have your ATM/Debit card and your login details at hand.
To securely update your ATM/Debit card PIN please go to:
http://www.bankofamerica.com/state.cgi?section=signinpage&update=&cookiecheck=yes&destination=nba/signin
Please note that this update applies to your ATM/Debit card - which is linked directly to your checking account, not credit cards.
Thank you for your prompt attention to this matter !
Regards,
Bank Of America Customer Support
And when you go to it, the URL is: "http://148.217.2.29/~magallanr/cgi/cgi-bin/sso.login.controller/SignIn/"
Scary!
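The tell in this message is that the link text names the bank's host while the link itself goes to a raw IP address, and a mail filter can check that mechanically. The Python below is an added example, not part of the original post; the HTML markup of the email is an assumption, since the post shows only the rendered text and the destination URL.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed markup (assumption): the post shows only the rendered text and the real target.
SAMPLE_HTML = (
    '<a href="http://148.217.2.29/~magallanr/cgi/cgi-bin/sso.login.controller/SignIn/">'
    'http://www.bankofamerica.com/state.cgi?section=signinpage</a>'
)

def host_of(text):
    """Hostname if text reads as an http(s) URL (bare www. counts), else None."""
    text = text.strip()
    parts = urlsplit("http://" + text if text.lower().startswith("www.") else text)
    return parts.hostname if parts.scheme in ("http", "https") else None

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

class AnchorCollector(HTMLParser):  # gathers (href, visible text) for each <a href>
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text)))
            self._href = None

def audit_links(html):
    """Flag anchors whose visible URL names another host than the href, or whose href is a bare IP."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.anchors:
        shown, actual = host_of(text), host_of(href)
        mismatch = bool(shown and actual and shown != actual)
        ip_literal = bool(actual and is_ip(actual))
        if mismatch or ip_literal:
            findings.append({"href": href, "shown": shown, "actual": actual,
                             "mismatch": mismatch, "ip_literal": ip_literal})
    return findings
```

Anchors whose text is not a URL (for example "Help") are only flagged if the href is an IP literal, so ordinary labelled links do not produce findings.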
Comments
My favorite attack, which I came *this close* to falling for, is the one where you get a message from eBay. This one, however, is not the "please update your personal details" message. This is the *complaint* form that an eBay buyer fills out when he or she wishes to complain about you as the seller. It threatens you with loss of eBay privileges and reputation. It very clearly shows the item you listed for sale.
Of course, you didn't list that item. No problem. After all, there is a "dispute resolution" link you can click to initiate eBay's process for rectifying situations like this. And that, of course, is the only booby-trapped link in the entire message.
Devious.
Posted by: Dennis Doughty | February 14, 2007 12:31 PM