Phishing Attack Design Standards Keep Improving
Published Monday, October 17, 2005 by chris
About once a week now I get a message from a bank warning that my account settings need to be updated, or that my security has been compromised somehow. All I need to do is go log in, and set things straight. How helpful.
Only problem is that I usually don't have an account at the bank in question.
It is really some guy in Romania who would just love to get his hands on my username and password. The name for this kind of scam is one of those words that everyone loves to say right now: phishing.
Anyway, I've been impressed with the improvements in design quality lately. These messages used to be easy to spot:
"hello, if you plaese enter password at site here. Custom Service".
Uh, no.
But now they will often use the bank's own template for the email, even leaving the links to the images hosted by the bank. It all looks very legit. Here is one I received today:

Look, they are letting me know that someone from Eastern Europe is trying to steal my money. The IRONY!
This doesn't look bad. They might investigate the US convention for typing dates though. And, their call to action needs some work. "perform the steps necessary"?
So, what happens if you click that link? You go to...WOW, they are going for a home run here. They want my whole life!

Oooh, that one is really going to hurt. Driver's license, Mother's maiden name, PIN number??
I fear for my grandmother every time I see one of these messages.
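The tell in a message like this is that the images load from the bank while the link goes somewhere else. Here is that check as an added example (not part of the original post); the sample message, the examplebank.test domain and the function names are made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: bank-hosted images, but the log-in link goes elsewhere.
SAMPLE_EMAIL = """<html><body>
<img src="https://www.examplebank.test/img/logo.gif">
<p>Please perform the steps necessary to verify your account.</p>
<a href="http://192.0.2.10/update/login.html">Click here to log in</a>
<img src="https://images.examplebank.test/img/footer.gif">
<a href="https://www.examplebank.test/privacy">Privacy policy</a>
<a href="mailto:service@examplebank.test">Contact us</a>
</body></html>"""

def host(url):
    """Lower-cased hostname of a URL, or '' for mailto:, relative links, etc."""
    return (urlparse(url).hostname or "").lower()

def base_domain(hostname):
    """Naive registrable domain: the last two labels (an assumption; real
    code should consult the Public Suffix List)."""
    return ".".join(hostname.split(".")[-2:])

class RefCollector(HTMLParser):
    """Record the hosts that serve images and the targets of links."""

    def __init__(self):
        super().__init__()
        self.image_hosts = set()
        self.link_targets = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.image_hosts.add(host(attrs["src"]))
        elif tag == "a" and attrs.get("href"):
            self.link_targets.append(attrs["href"])

def suspicious_links(html):
    """Return links whose domain differs from every image-hosting domain."""
    refs = RefCollector()
    refs.feed(html)
    brand = {base_domain(h) for h in refs.image_hosts if h}
    if not brand:  # no remote images, so there is nothing to compare against
        return []
    return [href for href in refs.link_targets
            if host(href) and base_domain(host(href)) not in brand]
```

A hit is a reason to look closer, not proof: legitimate mail also links to third-party domains, and a message with no remote images gives this check nothing to compare.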