Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
User Journal

Journal johndiii's Journal: Odd phishing spam 4

Journal by johndiii

For the last few days, I've been getting several of these per day, to various addresses on my domain. The text is all pretty similar (I've inserted some random spaces in the link):

We would like to inform you that we have released a new version of Bank of America
Customer Form. This form is required to be completed by all Bank of America
customers.

Please follow these steps:

1.Open the form at
http://www.bankofa merica.com/srv_4579/custo merservice/securedi rectory/cform.do/cform.php?id=768108 420416341043156380710387049 37606992774945855.

2.Follow given instructions.

Because email is not a secure form of communication, please do not reply to this email.
  If you have any questions about your account or need assistance, please call the
phone number on your statement or go to Contact Us at www.bankofamerica.com.

Bank of America, Member FDIC.
© 2009 Bank of America Corporation. All Rights Reserved.

What I'm wondering is this: How does it help them to send out what appears to be a valid bankofamerica.com link? Viewing the email as plain text, the link is not to a phishing site. Perhaps the number on the end is some kind of attack against the web form? But I get the same kind of link to chase.com and others. Seems weird.

Update: I looked at the HTML version of the email (in a text editor) and it does indeed have a disguised link. So not really a mystery, just an artifact of reading emails as plain text. :-)

This discussion was created by johndiii (229824) for no Foes, but now has been archived. No new comments can be posted.

Odd phishing spam More

Odd phishing spam

Comments Filter:

  • The random spaces are to discourage just cutting and pasting the displayed URL, and the embedded URL is to fool folks. And it fools a lot of 'em, especially since most folks don't know even the basics of HTML. Even those folks who do know-- both about HTML AND phishing-- can easily forget for the split-second it takes to click a link (since that's what most of the internet encompasses-- click, click, click).

    It's one of the reasons I really dislike the push for "one-click" ANYTHING. Lots of things really

    • When I'm receiving an email created by an individual, I vastly prefer emails in plain text. When I'm receiving an email created by an automated system, I typically prefer HTML; Emails that I receive from automated systems are typically extensions of web interfaces I use.

  • Good thing I usually read things as text and turn images off.

    Never ever trust anything from your bank - always go to the stored link you have saved for your bank instead.

  • ...it's to get machines with keyloggers installed on them to have login credentials typed on them?

Slashdot Top Deals

The last thing one knows in constructing a work is what to put first. -- Blaise Pascal

Close