This one has to be up there as one of the worst phishing attempts I’ve ever seen:
Subject: Attention! Several VISA Credit Card bases have been LOST!
I’m not even sure what that’s trying to say. All your base are no longer belong to Visa? Are they trying to talk about databases? The first step in successful phishing is to have your subject line make even the tiniest bit of sense.
Good afternoon, unfortunately some processings have been cracked by hackers,
so a new secure code to protect your data has been introduced by visa.
Wow, it’s pretty spooky that they knew I was reading this in the afternoon. Too bad about the processings getting cracked by hackers. Wouldn’t things get hacked by hackers and cracked by crackers? Maybe these are hackers who are confused about their identity and started cracking on the side?
You should check your card balance and in case of suspicious transactions immediately contact your card
issuing bank.
Well, ok, I’ll do that. Wouldn’t the suspicious transactions be on the card’s statement rather than the balance? The balance is a number, it doesn’t list transactions.
If all transactions are alright, it doesn’t mean the card is not lost and cannot be used. Probably, your card
issuers have not updated information yet.
So why did you make me do all the work of checking my balance if the card is probably cracked or hacked anyway? I love the way they pile up the negatives in that first sentence. You need to read it over a few times, or at least one time very slowly, to try to make sense of it. It makes the e-mail seem longer than it really is, which is a nice bonus to give the reader when you send such a short e-mail.
That is why we strongly recommend you to visit our web-site and update your profile, otherwise we cannot
guarantee stolen money repayment.
Thank you for your attention.Click here and update your profile.
Why not at least try to make up a reason that our profiles need to be updated? I mean, you give the “cannot guarantee repayment” line, but don’t you think that needs some made-up fantasyland reasoning behind it? “If you don’t update your profile, our repayment elves may not have your current address and will be unable to hand you a comically oversized check for the amount of money you lost.” Something like that would make everything make much more sense.
I don’t think there was a single sentence in the entire e-mail that was properly constructed. Not a single one that could have come from a real company.
And then let’s take the phishing URL itself. Most people at least go through the trouble of obfuscating it a bit, maybe put a username at the beginning of the URL so that they can have the site’s real address show up in there. Nope, not these brainiacs. Just an IP address. Their site was already down by the time I noticed this message in my Gmail spam folder (I get a lot of spam), so I can’t make fun of what was undoubtedly a terrible web site.
And then, of course, if you want to look at the message a little bit closer, you’ll see it was sent from China.
The sad part is, people are stupid. I bet even this scam attempt got a few people to fall for it. People: Be less stupid. Thanks.
[...] There seems to be a lot of interest today and yesterday in my post about the terrible phishing attempt e-mail I got a few weeks ago. I wonder if another round of identical e-mails just went out, so a lot of people are searching for it today? [...]