« Same Tricks, Different Language | Main | Attack of the Killer Dictionaries! »

January 15, 2005

Many of the phishing messages that come my way are "from" institutions with which I don't do business. I don't get as many Citibank ones as I used to, but I do see a lot for Washington Mutual (wamu) and Suntrust. Therefore, it was no big deal to see one come in with a partially corrupted subject:

Subject: Error found, please submit , suntrus informatiql

Certainly not a professional job, as phishers go. Perhaps some Suntrust customers would be fooled into opening it. If they do, however, they're greeted with a Washington Mutual phish ("Dear wamu customer"). No reference to Suntrust whatsoever.

This message carries on a grammar error I've seen for months:

Note: If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

It's another reason I feel the messages and software are being distributed in a kind of do-it-yourself or affiliate phishing "kit."

Anyway, this phisher must have found out the mistake. Less than three hours later came another phish with the same message and same disguised URL to a hijacked Brazilian Web server:

Subject: James from wamu.com - please submgz

He still has some corruption problems, but unsuspecting wamu customers will likely open this message. Some will be taken in by the warnings (while overlooking the bad grammar).

In one of my recent radio interviews (plugging Spam Wars), the host told me of a close call he experienced with a phishing message. He was on the phone with his father, when his dad received one of these messages. His dad was about to go to the phisher's Web site and enter his personal identity info, when the host luckily interceded. Had he not been on the phone at that instant, his dad's bank acount and/or credit rating would have been toast.

One of the verses of the song "Teach Your Children" (Crosby, Stills, Nash, and Young) begins: "Teach your parents well." That goes double if they're on the Internet.