The Embarrassing Anatomy of a Phishing Scam

You’ve got to hand it to scam artists. They often succeed in spite of themselves.

If I had a nickel for every time I retrieved a message from my inbox warning me that my PayPal account has been limited, or that my credit card has been suspended, well, I’d have at least $100 in my pocket right now.

Don’t scoff. That’s 2000 nickels!

This afternoon it happened again. I got an “urgent” email from VISA and MasterCard — apparently they are now one company — to tell me that my credit card was suspended.

By the way, they didn’t identify whether they were referring to my VISA card or my MasterCard, but why worry about important details like that?

Of course, they wanted me to supply them with all my critical credit information, including my credit card number, mother’s maiden name, Social Security number, security code, PIN and password.

So I gave it to them.

Just kidding.

It would be funny, if only it weren’t so sinister.

Which is why I thought I’d take a moment to point out just how lazy these thieves usually are when it comes to trying to make a quick buck, by showing you a screenshot from the aforementioned phishing scam that hit my inbox today.

The good news is the scammers’ laziness usually provides most folks with enough obvious clues to realize that something is probably amiss.

True, there are a few cyber criminals out there who make their phishing attempts much more professional, but if you stay vigilant it’s tough to get fooled. Remember, credit card companies and banks will typically never send you an email message that requests your personal information.

And folks, if you ever have any doubts regarding the veracity of any message in your inbox regarding your credit or debit cards, call your bank or credit card company directly.


Photo Credit: Iain Wanless



Comments

  1. 4

    Mindimoo says

    My favorites are the ones where a Nigerian prince offers me millions and millions of dollars. Of course he would choose me, of all the people in the world. :)

  2. 5

    says

    My favorites are the ones that tell me I won a European lottery- one where you don’t have to play, they just pull your “number” and you win. Considering I’m not a resident of any European country, I have no idea how I was assigned a number for the lottery, but by golly, my retirement plan is winning the lottery, so I should provide them with all my banking information so they can deposit my winnings…

  3. 6

    says

    I read an article about phishing recently and the author claimed the misspellings and mistakes are in the phishing emails on purpose. The theory was that perps are looking for gullible people and try to weed out the people who won’t follow through with the scam. It saves them time.

    I’m not sure if this is true or not, but I thought it was interesting. I wish I had a link.

  4. 8

    says

    My email client doesn’t parse the HTML unless I ask it to, so I see the source. Scroll down a bit and you find where the form is posted to and it isn’t the people it should be to!

    Some are quite good, though the Nigerian or whatever scams are getting quite boring now.
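
The check described in the comment above (reading the message source to see where the form posts), as an added example that is not part of the original post or its comments. It pulls every `<form action>` out of an HTML email and lists the hosts that fall outside the domain in the From header; the sample message, its `.example` domains and the `form_mismatches` helper name are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email from the post); every domain is a
# reserved .example name.
SAMPLE = """\
From: "VISA MasterCard" <service@cards.example>
Subject: Urgent: your credit card has been suspended
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your card was suspended. Confirm your details below.</p>
<form method="post" action="http://collector.example.net/submit.php">
<input name="card_number"><input name="pin" type="password">
</form></body></html>
"""


class FormActions(HTMLParser):
    """Collects the action attribute of every <form> tag."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def form_mismatches(raw_message):
    """Return (sender_domain, [form hosts outside the sender's domain])."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = FormActions()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            collector.feed(payload.decode(charset, "replace"))
    hosts = [(urlparse(a).hostname or "").lower() for a in collector.actions]
    # From is spoofable: a mismatch is a warning sign, a match proves nothing.
    bad = [h for h in hosts if h and h != sender and not h.endswith("." + sender)]
    return sender, bad
```

Calling `form_mismatches(SAMPLE)` reports the sender domain `cards.example` and flags `collector.example.net` as the place the form would actually send the card details.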

  5. 9

    deRuiter says

    A lot of successful scams of this type go through Craigslist. Tip-offs are “I want to buy your item, (never mentions what item is) please send info…” and about places for rent, “I’m a doctor moving from England and I need your apartment / house / condo, please send details, consider it taken, please remove advertising so I will know you are sincere in wanting to sell / rent to me.” In the end their “assistant” ACCIDENTALLY sends you a check for more than the amount, and you must immediately WESTERN UNION WIRE THE OVERAGE back to them to cover some emergency, and the sheep to be shorn do that. Then of course the original check bounces and your bank wants the money or you go to jail.

  6. 10

    Doug Blasco says

    It absolutely amazes me that anyone in this day and age would actually open the email, let alone respond to it.

  7. 11

    says

    Someone told me a while ago, that these people are smarter than you think… because there is a reason why their letters are so bad…. because they only want the retards….smart people won’t fall for a scam… dumb will.. and they are triggering the dumb to get a lot more cash….

    • 12

      Len Penzo says

      Well … you’re the second person to bring that up here. Although I was skeptical the first time I heard it, maybe there really is something to it.

    • 13

      Joe says

      I have heard this too. The thought being that if it looks super legit a lot of people will follow up on it, but not just instantly hand over the important information. The perps will spend a lot of time corresponding with people who will ultimately call the real company etc and figure out it is a scam long before handing over money/personal information/whatever. But if it is obviously fake to most, those who reply are only those without enough common sense to be tight with information needed to exploit them.

  8. 14

    deRuiter says

    With Craigslist you never know in advance which emails are legit. Some of the real emails from real customers end up in the SPAM folder, and some of the fake ones come through into your email box, so you need to open them all. I’ve sold a lot of things to customers whose Craigslist emails have been fished out of the SPAM folder. And I’ve ignored a lot which come through as regular emails. 99 times out of a hundred I don’t bother with those. On a slow day I might offer to write them a better email which will allow them to pluck more pigeons, for the modest sum of a hundred dollars. Or I inquire about how the weather is under the palm tree in Nigeria as they labor over a hot, bicycle pedal powered computer. Come to think of it I don’t know if they have palm trees in Nigeria. Money is meant to move around, it is productive that way, not productive to keep it under your pillow. Those who get scammed by these transparent ploys will either learn the hard way, or be scammed again. “The Government” will not protect you, even if you think “The government” will. It is up to the individual to protect themselves, whether from Internet scams, food shortages, or violent home invaders. Waiting for “The Government” to help you is whistling in the wind.

    • 15

      Len Penzo says

      Believe it or not, I’ve responded to almost a dozen of these Nigerian scammers over the past year to document exactly how they work. Our email exchange usually goes back and forth over a few iterations (at best) before they figure out that I’m not a legitimate mark. Then they stop responding to me.

      The longest exchange I had went on for a couple weeks (it was one of those “Secret Shopper” scams) but broke down after he refused to accept my blog’s PO Box as a mailing address. He insisted on my home address.

      I have kept all of these exchanges. I think I’ll share them here soon in a future post.

  9. 17

    Lola says

    The best one I ever got went like this:

    I am an assassin and have been paid by your enemy to kill you. He has paid me (xxxx amount) to kill you. Unless you pay me the same amount, you will be dead within 7 days.

    It went on to say he knows where I live and work, threaten my family, etc. I was in giggles for HOURS! :)

  10. 18

    says

    I got an email from the head of the FBI which is odd since I live in Canada. At least make an effort. You claim to be the head of the FBI but you have a yahoo email account.

    • 19

      Earl W. says

      LOL! My favorite was similar. The email said that I owed thousands of dollars in back taxes and if I didn’t pay I would have my assets seized and be arrested. Luckily though for a limited time the government was offering to settle for only $400.

      Naturally, the IRS’s preferred payment plan was to send the money Western Union directly to the IRS agent who was emailing me. From his excite.com account. So apparently not only had the IRS agent hunted me down from his personal account, he had done so through the fabric of space-time and was hunting me from approximately 1997.

      Needless to say I was hesitant to send the full amount immediately, so I guess I have been on the lam ever since. Please don’t anyone turn me in ;)
