Wednesday, 17 December 2008

Even Phishing Emails warn of Phishing Emails

I received a Phishing Email targeting customers of a UK bank just moments ago. I wouldn't normal post such things up, but I found this one particularly amusing and a bit of a phishing Email first, because the email actually warns of suspicious Emails and phishing! I thought the phrase "A new Second Level Password" particularly funny. The scam email finishes with another warning about "suspicious e-mail appearing to be sent by Alliance & Leicester Commercial Bank - please ignore it and contact us now", it all rather like a 1970s Monty Python sketch!

Phishing Emails always target one of two human emotions, Fear or Greed. This one is targeting Fear; its objective is to scare the receiver into thinking their bank account security (their money) has been compromised, so encouraging the user to click the link through to a bogus website impersonating the bank site, where the users banking credentials are harvested unknowingly.  "Greed" based phishing Emails usually offer free prizes, free holidays or just straight up cash, for example telling the receiver they have won the European Lottery, or that Nigeria millionaire who needs you to pay the bank transfer fees in order to send that a large oil inheritance you have due, not that the user has ever entered any lottery nor has any connection with Nigeria what-so-ever.

Perhaps I shouldn't be making light of these scam Emails, as even though most people are aware of these types phishing email scams today, there are always one or two who do get sucked in and caught out.  This is why these scam emails are still common place in our mailboxes, it is simply because they do work
 
(I have removed the bogus website links)
"Dear Customer,

Latest News

ALERT MESSAGE: SUSPICIOUS E-MAILS - PHISHING FOR DEBIT CARD NUMBERS AND PASSWORDS:

Please be informed that currently fraud e-mails are sent to customers and non - customers of Alliance & Leicester Commercial Bank requesting to provide their online banking details.

In any case you should not provide any of your personal information or banking details.

A new Second Level Password has been sent to all our Retail customers in your online

Please activate the new one.

Start now the Alliance & Leicester Commercial Bank authentication process.

When you log onto the service we will ask you to accept the updated Terms and Conditions.

Once you have accepted these, you will be able to access your accounts in the usual way.

Alliance & Leicester Commercial Bank would never ask you to give through e-mail or any other mean any private and confidential information.

If you receive in your mailbox a suspicious e-mail appearing to be sent by Alliance & Leicester Commercial Bank,

please ignore it and contact us now.

Alliance & Leicester Commercial Bank Online Billing Department."

1 comment:

polsaway said...

Mine was identical but from the Halifax. I always thought these were a hoot; didn't realise that ANYONE would take them seriously. Wrong!