What Kind of Crap Is This? (continued)
I have used that headline in the past to talk about nasty stuff that the Bush team has been doing.
But I like it so much that I am going to use it to talk about all kinds of nasty stuff I see. Yes Hector (aka Heckler) I'll even try to find some nasty stuff that Kerry is doing and call that out too.
This post is about phishing. It's worse than spam, viruses, or spyware. I am adding it to my Internet Axis of Evil list which currently includes
Spam & Viruses
Comment Spam
Spyware
If you want to learn more about this crap, visit the Anti-Phishing Working Group.
I got this email today:
Dear SunTrust Bank customer,Recently there have been a large number of identity theft attempts targeting SunTrust Bank customers.In order to safeguard your account, we require that you confirm your banking details.
This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.To securely confirm your SunTrust Bank account details please click on the link below:
https://www4.SunTrust.com/internetBanking/RequestRouterrequestCmdId=DisplayLoginPage
Thank you for your prompt attention to this matter and thank you for using SunTrust Bank.
Sincerely,
SunTrust Bank Internet Banking & Support department.
First, I am not a SunTrust Bank Customer
Second, even if I was I would never react to an email like this.
But so many unsuspecting people will fall for this, today, tomorrow, and for a long time to come.
This crap has to be stopped. The people doing this should be put in jail. For a long long time.
This proves my assertion that the internet is still in it's 'wild west' infancy, and it may be a while before the sheriffs and marshalls arrive on the scene to clean up Dodge City.
Posted by: jackson | September 29, 2004 at 12:47 PM
I tend to just click through and fill in the blanks with one of two things:
a) real-looking but completely fake information in the hope that maybe their repeated attempts to log into the real bank site will help them be found (unlikely)
b) a variety of obscenity-laced insults letting them know what I think of them and their scam. It doesn't accomplish much other than making me feel better.
And then, of course, I go to the real bank website, grab their abuse address, and forward the URL on its merry way.
Posted by: andy | September 29, 2004 at 02:10 PM
I got an email one afternoon which was an obvious phishing attempt. This was before I started my blog so I had a few spare minutes left in my day, so out of curiousity I checked where the domain name (of the phisher not the real bank) was registered. To my surprise rather than being registered to Russia or some off-shore hideaway it was registered to a U.S. address with a telephone number. Thinking that no-one would be stupid enough to use their real name and phone number I called up to tell the owner that someone was abusing his domain.
So I got the guy on the phone and he sounded very young. I said do you know that there is a fake site phishing for information on your domain. He replied yes. He then hung up the phone.
I called back again.
This time a woman answered. I advised her I would be forwarding the email to the bank and her son could get in serious trouble.
She replied
"that's not my son. that's my husband"
oh dear.
Posted by: Alternative Energy | September 29, 2004 at 02:17 PM
I got that email today too. If you use Firefox you can see the real URL if you hover the mouse over the fake URL they give you. IE had a bug that prevented the real URL from being shown, but I'm pretty sure that was fixed in a recent patch. At least I hope it was.
Posted by: Chris | September 29, 2004 at 02:19 PM
Jackson: Putting the cowboy glamour back into the internet, I like that :)
Posted by: Adrian | September 30, 2004 at 07:00 AM