A Dispatch


March 07, 2005

A New Worm on the Phisher's Hook

I don't read every phishing message that comes through here, but I noticed one today that is taking a new (for me) tack on the social engineering tricks used to convince bank customers to yield their personal identity info.

This one claims to come from Washington Mutual (the big wamu, again!) and wishes to thank me for being a loyal customer. Rather than terrorizing me about suspended accounts and attempted fraud, the lure here is all warm and fuzzy:

We offer you special discounts in all stores all over USA with your credit card and a special cupon offered free by our bank.This offer includes over 15000 shops located all over the country.
This is our Spring gift for our clients so don't miss this special occasion
All you have to do is to confirm your name and subscribe for your account and in 72 hours you will have your cupon. Click below for our special offer.

OK, some of the spelling is a little fuzzy, too, but that's not the point. The attraction here is words like "discount" and "free"—potentially dangerous words that Spam Wars readers know something about. I'll bet these guys snag more victims with this honey than with fear.

The actual link behind the wamu-looking link in the message is a numeric IP address, and the form at the destination site asks for the same stuff that all phishing forms do. It's probably the same form the phisher uses for his more threatening come-ons.

Unfortunately it has come to this: Unless you're willing to look behind messages claiming to be from someone holding your private information, you simply can't trust the message—especially when they ask you to supply information they should already have on file. EBay had to institute its own messaging system to try to put trust back into its communications with customers (alas, customers still succumb to phishing emails).

Financial institutions want you to do more things online (it saves them labor costs); yet it's increasingly difficult to trust email communications from those institutions. Customers' brains should start exploding at any moment.

Posted on March 07, 2005 at 04:39 PM