Phish Phry that hooked me for a moment

It’s pretty easy to tell when those lousy nogoodnicks who are lower than scum and are fit to die a slow death of gangrenous infestation by a million maggot march (go on, Susan, tell us how you really feel –ed) are trying to pull a scam on me via my email inbox. The mail comes from some banking institution that is none of my own. One glance, a muttered oath, and a delete is all it takes. But just now I got an email “from” my own bank.

In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software.

This security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information here. [and “here” is a hyperlink]

It didn’t take a half-a-second to realize that this is a phishing attempt. But that was half-a-second too long. Where can I send those maggots?

2 responses to “Phish Phry that hooked me for a moment”

  1. Mike Duffy

    One thing to do is to help “ordinary” people get smarter about phishing attacks – this “phish or legit?” quiz over at MailFrontier (no affiliation) is certainly eye-opening. I expected to score 100% and didn’t, despite a lot of experience with the possible methods of obfuscating the real site involved.

  2. Susan Kitchens

    Mike, thanks for that link. Excellent test. As it happened, I got 100% — didn’t expect to, since there were a couple that I wasn’t sure about (the first one and the earthlink one). So I feel happy and smug (and relieved?). One real-world clue that I use is the name that the email is sent to—the case I mentioned here used a certain form of somename-not-exactly-the-preferred-one [!at!] auntialias [!dot!] com; I didn’t have that advantage in the test.