Another Phishy Note

My Yahoo! email address, which I use primarily for registering at sites but never for anything of value or importance, gets mostly spam. One of the most consistent, and insistent, notes I receive is to "veerify _your_ _E-MAIL_ addres."

Now, one would think that one would run one's fraudulent email through an English-language spell checker before sending it out. I don't know what the sender's home language is; for whatever reason I keep assuming it's Dutch.

Anyway, again, if you receive a note like this, start with the most common-sense thing: if it indeed was from Citibank, and they were trying to verify e-mail addresses, and it's a world fraught with fraud left and right, would you use a medium which has a history of being trustworthy, like the postal system, or would you use a medium which had a little history of being trustworthy, which evaporated about ten years ago?

Common sense

That's all it takes, but people seem to be lacking it online these days.

The full text of the email is posted in the extended entry. I'm not going to dissect it now; I did that with Yahoo! Wallet Scam in September 2003 and More phish for thought.

Ok, I lied, I'll add this bit of analysis: the link to click on seems to rely on a new bug in some browser, instead of the userid:password@fraud-website.domain hack. I will decode the URL and update this later, since I'm allegedly trying to drive to Chicago today.

Here's the complete email:

X-Apparently-To:	 USERNAME@yahoo.com via 216.136.129.139; Thu, 08 Apr 2004 21:31:12 -0700
Return-Path:	
Received:	from 218.61.21.206 (HELO gmx.de) (218.61.21.206) by mta135.mail.dcn.yahoo.com with SMTP; Thu, 08 Apr 2004 21:31:05 -0700
Received:	from bigfoot.com (mail-kr5.bigfoot.com [211.115.216.252]) by gmx.de (Postfix) with ESMTP id D993E5B86A for ; Fri, 09 Apr 2004 12:23:58 -0400
Message-ID:	<6.0.0.22.1.20040409122358.ab978b1a@bigfoot.com>
X-Sender:	growling@mail-kr5.bigfoot.com
X-Mailer:	QUALCOMM Windows Eudora Version 6.0.0.22
Date:	Fri, 09 Apr 2004 12:23:58 -0400
To:	"USERNAME" 
From:	".Citicard."
Subject:	CITI_bank {Email} Verificationn - USERNAME@yahoo.com
MIME-Version:	1.0
Content-Type:	text/html
Content-Transfer-Encoding:	7bit
X-Virus-Scanned:	by Ameriserv.net Anti-Virus E-Gateway
Content-Length:	846

_Dear_ Citi-bank Card-holders,

ThIs email was sent _by the CitibankOnline sevrer to veerify _your_ _E-MAIL_ addres.<br> You must complete this process by clicking on_the link beelow and enttering<br> in the litle winddow your Citi ATM/Debit card number and _PIN_ that<br> you use on the ATM Machine. That is done for_your protection -Z- because some_of_our<br> membres no_longer have access to their E-MAIL addersses and we must verify it.<br><br> <a href="http://www.google.com/url?q=http://www.google.com/url?q=http://%6e%66%64%6b%6f%6764%67%252e%44%61%252e%72%75%252f?%45%49%41%6c%68%46%75%50%6d%55%6a%4c%6d%70%50%54">http://e-mail.Citi_grouponnet.biz/?tTHL1LgUfIYuZUtEE31WIwL6p7TNyIx1re</a><br><br> To verify your E_Mail adress and access your_ OnlineCitibank<br> account, clic on the_link beloow.<br><br> Mu04ogMmJMhdr<br><br>
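
The link in the e-mail above shows one address as its text while its href is wrapped in two google.com/url?q= redirects with a percent-encoded (and partly double-encoded) destination. The following Python is an added example, not part of the original post: it decodes that href offline and compares the real destination host with the displayed one. The function names are illustrative, and treating `q` as the redirect parameter that is decoded once per hop is an assumption.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# href and visible link text copied verbatim from the e-mail on this page
HREF = ("http://www.google.com/url?q=http://www.google.com/url?q=http://"
        "%6e%66%64%6b%6f%6764%67%252e%44%61%252e%72%75%252f"
        "?%45%49%41%6c%68%46%75%50%6d%55%6a%4c%6d%70%50%54")
SHOWN = "http://e-mail.Citi_grouponnet.biz/?tTHL1LgUfIYuZUtEE31WIwL6p7TNyIx1re"

def fully_unquote(s, limit=5):
    """Percent-decode until stable, so double encoding (%252e -> %2e -> .) is undone."""
    for _ in range(limit):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def unwrap(url, param="q", max_hops=10):
    """Peel redirect wrappers (/url?q=<next>) offline; nothing is fetched."""
    chain = [url]
    for _ in range(max_hops):
        # parse_qs decodes one layer, as assumed for a redirector reading its parameter
        nxt = parse_qs(urlsplit(url).query).get(param, [""])[0]
        if not nxt.lower().startswith(("http://", "https://")):
            break
        url = nxt
        chain.append(url)
    return chain

def analyse(href, shown_text):
    """Compare the host the reader sees with the host the link resolves to."""
    chain = unwrap(href)
    final_host = urlsplit(fully_unquote(chain[-1])).hostname
    shown_host = urlsplit(shown_text).hostname
    return {
        "redirectors": [urlsplit(u).hostname for u in chain[:-1]],
        "final_host": final_host,
        "shown_host": shown_host,
        "mismatch": final_host != shown_host,
    }

if __name__ == "__main__":
    for key, value in analyse(HREF, SHOWN).items():
        print(f"{key}: {value}")
```

A mail filter can apply the same comparison to every anchor in an HTML message and flag those where the displayed host and the resolved host differ.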


Comments

Klaus Johannes Rusch added:

They may look like inadvertent typos or indications of a lack of language skills, but more likely the mistakes were introduced deliberately to defeat spam filters.
