I almost got Phished today
I almost got phished today. Phishing is when a bad guy sends you an email that looks official. Their goal is to trick you into giving up personal or finanacial information, which then leads to fraud or identity theft. It claimed to be from Wachovia, who I have an account with. It looked official, and it is the end of the year. I thought I might be due for an account update. But then I noticed three things..
- The web address looked shady. It wasn’t www.wachovia.com/something. It was clearly a server under some guy’s desk: http://219.121.43.23/icons/www
.wachovia.com/onlineser… - The “from” line of the email said Wachovia Corporation, but when I hovered over it with my mouse it gave an AOL address. I use gmail and that has a “show details” button. Sure enough, it displayed the full AOL address when I clicked on it.
- It was really pushy about getting me to click on the link. In fact, it threatened to suspend my account if I didn’t do it. No real bank would make this threat.
So this was definitely a phishing attempt. I dodged the bullet and wanted to warn all my newlycorpote friends.
Here’s the full body of the message…
Dear valued Wachovia member,
It has come to our attention that your Wachovia account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension. Please update your records on or before November 16, 2007.
Once you have updated your account records, your Wachovia session will not be interrupted and will continue as normal.
To update your Wachovia records click on the following link:
http://219.121.43.23/icons/www
Thank You.
Wachovia Update Team
Accounts Management As outlined in our User Agreement, Wachovia will periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions.
Copyright 1999-2007 Wachovia. All rights reserved.
Subscribe in a reader
I hate phishy mail. I’ve been getting an increase in phishing emails from fake banks and for PayPal recently as well. Some tips from getting a ton of these:
Always roll over links before you click to check, if the URL isn’t from the domain then it’s a phish. Also – I noticed they’re saying your account 9450-XXX-XXX-XXXX is suspended. Banks give you the last 4 digets, not the 1st 4. OH yeah and if you have never heard of the bank before and they’re telling you your account is suspended/needs updating… it’s a phish.