Compare the above to the phishing effort here. It seems that when it comes to impersonating Chase, the technology is devolving. The giveaways here:
- "from company": atrocious Engrish.
- "service(s) listed below": ummmm...what services???
- "you will have to use your Social Security Number": whaddaya wanna bet I'd show up as not enrolled for Internet Banking? Good plan to snag the SSN twice, though.
- "not changes": we spreak Engrish velly goodry.
- "to staff": marginal, but probably should be "to our staff" or "to customer service"
- the URL doesn't even try to look safe this time, and it goes to http://access-ssl.com/..../
- Sincerely, who???
- usually, Customer Service in that context would be capitalized
- "Please do not 'Reply'": well, duhhhhhh...although typically, the warning is more like "this Alert was sent from an automated service that cannot receive messages"
- "internet banking account Financial Group": such a lack of self-esteem
- "All rights reserved": that made me laugh out loud...what rights? The right to hoover up my identity and go on a spending spree?
It does occur to me that by pointing out the shortcomings, I'm inviting phishers to build a better phishhook, but then I checked my site access logs and realized that the world is safe. :-)
No comments:
Post a Comment