« The Scent of a Stupid Spammer | Main | This Weekend's New Phish Ploy »

March 23, 2005

I can't believe the Washington Mutual (wamu) phishes are still coming, but they arrive relentlessly. Sadly, in one I noticed today, the phish message tries to increase its credibility by embedding what looks to be a real attempt by a crook using your account for no good. Look at this little tidbit in the middle of a "Security Center Advisory!":

We recently received a request from Nike Central Store, Maine to enable the charge to your card in amount of $349,95.

THE PAYMENT IS PENDING FOR THE MOMENT.

If the purchase was made by yourself, please ignore or remove this email message. If you authorize the purchase, the billing will be approved and it will be shown in your monthly statement as "Nike goods Maine Central Store".

If the purchase was not made by you and would like to decline the $349,95 billing to your card,please follow the link below to decline the transaction:

Few recipients might notice the comma between the dollars and cents amounts. We North Americans use the decimal point, while a good chunk of the rest of the world uses a comma to separate big and little currency units. That the author of this letter ain't from around these here parts should trigger some level of suspicion, but this detail may be too subtle for most.

I'd wager that if you were a wamu customer with a credit card account, this message would catch your eye. If you failed to investigate the message to see if it's legitimate, you'd probably click on the link in an effort to decline the charge. To do so, you'd have to supply your wamu user name and password (in the least) to the real-looking, but totally bogus form.

Say "auf Wiedersehen" to your account balance.