Phishing again

Wow, more phishing appeared in my email the other day, after I hadn’t seen any in a while. Perhaps my spam filter was working overtime. This one was interesting because it was so blatant. It said it was from USBank (which I do not have an account with), and when I went to the phishing page, it asked for my credit card number, expiration date, ATM PIN and SSi. Geez, why not just ask for the key to my front door while you are at it. Interestingly enough, the real Account Management made easy looks nothing like this. Here is the shot of the Phishing site:

bad_us_bank

And here is a picture of the real site.

good_us_bank

It doesn’t ask you for sensitive information at all. Note that it mentions “Email Fraud Help” in the corner. Clicking there tells you:

U.S. Bank Security Commitment
At U.S. Bank, we’re committed to protecting your privacy and security. We will never initiate a request for sensitive information from you via email (ie., Social Security Number, Personal ID, Password, PIN or account number). We strongly suggest that you do not share your Personal ID, Password, PIN or account number with anyone, ever.

It’s a cleaver site. No broke links. Well, one. The one for “Contact us” doesn’t work, and gives you a 404. Not sure why they screwed up there, but they did. Other than that, all the links link back to the US Bank site. and in IE, it looks as though you are on the US Bank site. It isn’t until you look at it in something like Camino, which I cam currently running, that you see it is a very fake address. :(

According the ComputerWorld, 17 companies are banning together to fight phishing. These include IBM, Target and Schwab. This should be a big thing. If people keep falling for scams, there won’t be anyone left who trusts the web anymore. According to a Garner report in ZDNet, 1.98 millino poeple have had their checking accounts broken into through phishing. This amounts to $2.4 billion in fraud, or about $1200 per person.


Leave a Reply