Wednesday, February 08, 2006

People never cease to amaze me.

Everyone at work and, likely, everyone in our mother agency (i.e. close to 9,000 people) received a phishing scam at work yesterday. This isn't uncommon - our mail filters knock out a lot but it's impossible to stop them all.

Dear VISA Credit Card Member ,

VISA Credit Card is devoted to keeping a safe environment for its community of consumers and producers. To guarantee the safety of your account, VISA Credit Card deploys some of the most advanced security measures in the world and our anti-fraud units regularly screen the VISA Credit Card database for suspicious activity.

We recently have discovered that multiple computers have attempted to log into your VISA Credit Card Online Banking account, and multiple password failures were
presented before the logons. We now require you to re-validate your account information to us. If this is not completed by February 31, 2006, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you.

Please Click Here or on the link below to verify your account http://www.visa.com/verification/update/

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.

We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choice but to temporary suspend your account.

VISA Credit Card Security Team

The links, obvious by running the mouse over them and glancing down at the window bottom, went to some cosmec.net site; not Visa. No surprise there, as this is an obvious phishing scam.

Yet, no matter how many times I have told my users that 99% of all such emails are scams, that there is nothing to be done, that online companies will NEVER ask for you to verify your account via email - for the love of all things holy and sacred just delete the goddamn thing - they will still, without fail, flip shit when things like this appear in their Inbox.

One clever fellow pointed out to me that Visa does not have his work email address so this was an "obvious scam". No shit, Sherlock.

One angry employee wanted to know what authorities he could report this "attempted criminal fraud" to, as it was a crime against he and the state. As if we've never gotten such things here at work before, and he's never even heard of a "phishing scam".

I tried to explain that this was not an isolated attack and that the email was likely sent out by a legion of zombie computers rather than a single person. Nothing could be done, it was a minor inconvenience, there were no worries if they knew - as they should - not to click on any of the links. Please, just delete it.

Yes, I could offer up a few places for them to report it, but why open another can of worms?

I shudder to think how many didn't even bother to contact me, but simply clicked on the links and offered up their user names and passwords.

Welcome to my world, eh?

---

- shanna bared her soul & griped a bit @ 5:08 AM
|

---