Phishing – Still Alive And Well

[Image: Worst_phishing_message_ever_2]

The combination of our spam service and Outlook junk e-mail filtering does a pretty good job of keeping the really bozo emails off my desktop. However, yesterday and today I received copies of the message above. This was interesting for two reasons:

  1. Are spammers and phishers still using bad grammar?  That is so 2004…
  2. The number is a 210 (San Antonio, TX) number. That would be a strange area code for a phisher to randomly select since San Antonio isn’t that big of a market. So I can only assume that whoever spammed me with this message knew that I am located in San Antonio or at least in Texas. Interesting! And scary!

If you call the number, an automated voice prompt asks you for your credit card number, expiration date and your PIN. They don’t seem to do any validation (for example, my credit card number isn’t “1234567890123456” and it didn’t seem to mind), but after you run through all the prompts they tell you that your account has been reactivated. Repurposed may be a better description…

The combination of email and the automated voice response system was a nice touch, but I really hope that people aren’t still falling for stuff like this.

–Dan

<PUBLIC_SERVICE_ANNOUNCEMENT>

DON’T CALL THE NUMBER IN THE EMAIL ABOVE AND GIVE THEM YOUR CREDIT CARD INFORMATION BECAUSE THEY WILL PROBABLY START FRAUDULENTLY CHARGING THINGS TO YOUR CARD OR AT LEAST SELL YOUR INFORMATION ON AN ONLINE MARKETPLACE

</PUBLIC_SERVICE_ANNOUNCEMENT>

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.