After being bombarded with phishing e-mails this week I have had to ask myself who on earth would fall for them!
Google mail are usually very good at filtering out both spam and phishing mail; it's very rare that I'll actually see one in my inbox. This week however I must have received at least 5-6 obvious phishing emails every day and they have all been impersonating the Bank of America. I don't hold an account with the Bank of America--even if I did, would I not be suspicious of receiving the same two e-mails over and over again? Surely even to the most non-technical user that would be a tell tale sign that all is not well? I frequently receive letters from my bank warning me about phishing scams and how to avoid them so even users who are not ‘in the know' should know that it exists and poses a threat.
The emails I received this week were not well presented -- with the link to an anonymous IP address being plainly visible (that's right they didn't even bother to cloak the URL!). The message put across in the e-mail was totally inconsistent; the subject was ‘Unauthorised activity' while the content of the email told me that due to the pending introduction of smartcards, I needed to update my account information. Curiosity finally got the better of me and I had to follow one of the links to see what the next stage of the scam looked like (of course, I removed my e-mail address from the URL variables to make sure I didn't let them know that my address is valid); first of all, Internet Explorer blocked the site, plainly telling me that the site was a scam, next the front page which emulated a logon window simply continued to the next step despite me putting in ‘goaway' and ‘youidiots' as my username and password. The next page was the money maker; they asked for everything: name, address, phone numbers, e-mail address, account number, sort code, visa number, expiry, security code, mother's maiden name, first pet, first school, and so on. As well as asking for bank and credit card details, they wanted anything that could be used to verify my identity over the phone.
I just wonder who on earth would fall for this type of scam? I don't personally know of anybody who's been taken in by one of these scams, do you? Phishing scams cost businesses billions of dollars every year so people must still be falling for them. Judging by the responses to these crank calls, the general public are on top of telephone fraud, I wonder why the same doesn't apply to online fraud as well.