Due to the proliferation of comment spam, I've had to close comments on this entry. If you would like to leave comment, please use one of my recent entries. Thank you and sorry for any inconvience caused.
You are here: Home > January 2005 > Phishing

January 19, 2005

Phishing

Posted at January 19, 2005 02:48 PM in Computers , Disturbing Stuff , Rants & Raves .

This morning's email brought quite a surprise! It was supposedly an email asking me to confirm my account with Washington Mutual. If I was ignorant of the many tricks used to get consumers credit card numbers and other personal information, I might just have fallen for this scam. If you click on the link they provide it will take you to a very good imitation of the company's website. The first thing I noted was that it wasn't a secure website. At the top where the url is displayed a secure site starts off with "https://" the second thing I noticed was the url itself. It was "http://www.sexlml.com/wamu/" I've been to the Washington Mutual Website many times and there was no "sexlml" anywhere in the URL. Thirdly I know that a legitimate business will never ask you to provide financial information through an email.
Here are six things you should do to protect yourself:

- Be suspicious of emails with urgent requests for personal financial information.
- Do not fill out forms in email messages that ask for personal financial information.
- Do not reply to email messages that ask for personal financial information.
- Avoid using links in email to get to Web pages, especially if you suspect a message might not be authentic.
- Ensure that you only use secure Web sites to submit credit card or other sensitive information.
- Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
I have also received phishing requests about EBAY, PayPal, and from credit card companies.
If you receive a phishing email you should call your financial organization and ask them where you should forward it to. Washington Mutual has an email address for spoofs. It is spoof@wamu.com

Here is the email in it's entirety: Also note the misspelled words in the message, that is another clue
Security Center Advisory!
Washington Mutual is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, Washington Mutual employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Washington Mutual system for unusual activity. We recently have determined that different computers have logged onto your Washington Mutual Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by Jan 25, 2005, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you. Please follow the link below and renew your account information : https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience. If you choose to ignore our request, you leave us no choise but to temporaly suspend your account. Thank you for using Washington Mutual!