My email address shows up in a lot of public places, including domain registration records, hundreds of USENET posts, magazine articles, and various web sites. As a result, it has been harvested by every spammer known to mankind, and I get a lot of bad email.
This includes more than just spam. I show up as the return address in tons of virus attacks. I have a Gmail filter that automatically trashes email that looks like this:
*********************** ------------------ Virus Warning Message (from gemini4.ieee.org) Found virus Possible_VBSDrpr in file private.hta The file is deleted. If you have questions, contact firstname.lastname@example.org *********************** Hi!!!!! You haven't been writing for a long time. I began to worry) Where have you been? You remember, you've asked a progy from me? I've finally found it, so here it is. Check it out if this is what you've been looking for... bye
In this case, some bot sent a virus-laden email with my return address. The server that caught the virus sent a response back to me, foolishly trusting the fake return address. These bogus rejections account for more than 50% of my trash folder!
Like all of you, I also get a lot of phishing email, messages of various levels of sophistication designed to look as though they originate from legitimate businesses. However, instead of connecting their trusting victims to a legitimate business partner, they instead route them to bogus web sites where crooks can harvest their credit card numbers, user ids, PINs, and passwords.
Today I got one that takes the concept to a new level:
Dear American National Bank of Texas Member , Due to the recent phishing attacks targeting American National Bank of Texas we are currently launchinga new security system that will improve the level of member service we can provide to you. To update please call Customer Service to : 989-785-XXXX To complete update please enter you 16 digits card number , expiration date and 4 digits PIN after the bip and we will return your call in the next 24 h . Failure to authenticate your account may result in account malfunction, slow online experience or your account will be SUSPENDED . To enhance the security when accessing your on-line accounts, American National Bank of Texas has implemented an additional layer to our on-line security system. You may be requested to answer security questions in order to complete your log in to American National Bank of Texas Online Banking. Please do not reply to this message. For any inquiries, contact Member Service. Copyright © 2007 American National Bank of Texas. All rights reserved.
This looks like any other phishing message, (including a number of endearing malapropisms,) but in an attempt to carve out a new layer of legitimacy, these evildoers are using a voice response system to try to grab a credit card number and PIN. They’ve got a phone number that has a legitimate Michigan area code, and the usual brazen email approach.
However, once you complete the call, the heavy foreign accent really ruins the effect. Given the pretense that this is a bank in Texas, I expect either a cowboy twang or a flat, professional, midwest business voice. Instead I get a vaguely central Asian-sounding young male, not exactly the type to engender trust in an anonymous credit card transaction. Listen up and see what you think.