Another common type of e-mail fraud is called “phishing”. Basically, the sender pretends to be someone else, in an attempt to get you to reveal personal information, such as your login and password, or your Social Security number. (Or both.) Many of these can be rather sophisticated, mimicking the real website down to the slightest detail.

Some, on the other hand, are so poorly done, you have to wonder why they bother. The reason is simple… because people fall for it. When you send out a million phishing e-mails, it only takes a very small fraction to fall for it to make it worth their effort.

Here is a recent example of a “so poorly done, it’s gotta be obvious that it’s a fake” phishing e-mail:

Subject:  Business Online Banking Account Alert!

-----

You must submit verification documents to continue using your account without interruption. To view the details of this request and submit the required information, click on the following link (or copy & paste it into your web browser):

http://[elided]/Upload_documents_blank.exe

We thank you for your assistance in this matter.

So, let’s take the 30-second “what red flags does this raise” tour:

  • There’s no mention of what “online banking account” it’s supposedly referring to.
  • There’s no mention of what bank it’s supposedly from.
  • There’s no mention of any details of whom it’s supposed to be written to. (Anything from my bank has my name, or the name on the account, in the e-mail. Anything from my credit card company includes the name on the card, and the last 4 digits of the account.)
  • The link is not to any bank’s website.
  • The link is to download a Windows executable. No legitimate financial institution will include an executable file. (And if you ever get such an attachment from your financial institution without asking for it, complain to them… Loudly, and in no uncertain terms.)
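Three of those red flags (no recipient name, a link that isn't to the bank, and a link to an executable) are mechanical enough for a mail filter to check. The sketch below is an added example, not something from the original message or any real filter; the function name `red_flags`, the domain and name lists, and the sample host are all assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample modelled on the e-mail quoted above; the host is a placeholder.
SAMPLE = """\
From: alerts@example.invalid
Subject: Business Online Banking Account Alert!

You must submit verification documents to continue using your account
without interruption. To view the details of this request and submit the
required information, click on the following link:

http://files.example.invalid/Upload_documents_blank.exe

We thank you for your assistance in this matter.
"""

# File types Windows will run when opened; a bank has no reason to link to these.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".vbs")
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)

def red_flags(raw, known_bank_domains, account_names):
    """Return the red flags found in one plain-text e-mail (hypothetical helper)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    flags = []
    # Real notices name the account holder somewhere in the message.
    if not any(name.lower() in text for name in account_names):
        flags.append("no-recipient-name")
    for url in URL_RE.findall(body):
        parts = urlparse(url.rstrip(".,;"))  # drop trailing sentence punctuation
        host = (parts.hostname or "").lower()
        # Exact match or a true subdomain; a plain substring test would be fooled
        # by hosts like mybank.example.evil.invalid.
        if not any(host == d or host.endswith("." + d) for d in known_bank_domains):
            flags.append(f"link-not-bank:{host}")
        if parts.path.lower().endswith(EXECUTABLE_EXTS):
            flags.append(f"link-to-executable:{parts.path.rsplit('/', 1)[-1]}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE, ["mybank.example"], ["Jane Doe"]):
        print(flag)
```
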

So, once again… Why do they “waste their time” on such “obvious” fake e-mails? Because someone, somewhere, will fall for it.

In this particular instance, the website owner apparently found and deleted the executable which was somehow put on their website, so I can’t tell you what “bad things” would have happened if you did fall for the scam. But, you can be sure that it probably asked you for some personal information, which it would have sent on to “the bad guys”. And, while it was at it, it probably would have installed some nasty bit of malware at the same time.
