Phish.
Posted: Wed Jan 10, 2007 11:22 pm
Got this email the other day:

...looks pretty official, no? Problem is...I don't *have* a Bank of America account. Never mind that, look at the honesty, forthrightness...letting me know that their SSL is not valid, but rest assured, they're working on it. They even make sure to show the whole URL so you *know* it's no shady hyperlink sending you somewhere strange...but oops, don't look at the source:
<a href="http://211.72.154.82/~suzan/.www.bankof ... ep1.htm</a>
I guess that's at least 10% clever. Ok...grab the source, and fire off an email to let the appreciative, and *real*, Bank of America in on the deal...and then back to work.
Fast forward a couple days...hmm...I can't stand it...I wonder where it really goes. No problem, fire up Firefox, grab a temporary anonymous proxy IP, and hit up the page. Upon my much anticipated arrival (proxy is slooooow), I find the lack of effort extremely disappointing:

Unbelievable. What computer-illiterate fool's computer-illiterate grandma would fall for this? I just don't get it.
Utterly unsatisfied...I simply must know more.

...you didn't think I was gonna use real info did you?
Just to make sure nobody gets hurt, I used the longest-expired imaginary card I could find in my fake wallet. Apparently they're not too picky about this, because everything seems to check out. Now they want to verify my very very very private info...OK...let's just do that.

Solid gold...everything must check out perfect, because all I have to do now is await my 'Profile Update Pending'.

And that's it...I'm just redirected to the real Bank of America site, with all of my fake info safely stored on some slimebag internet schmoe's SSL EncryptedServer®©™. If these moronic punks are going to waste my time trying to scam my dough...wouldn't you think they could at least try to be a little clever about it?
Well, I guess not.
