Thursday, April 26, 2007

Deep sea phishing

Walking into my office this morning I encountered this interesting e-mail. Apparently my ABSA account has been compromised – hang on, I don’t have an ABSA account. Strange. Anyway, you can see the e-mail below.

What is scary is that there are probably quite a few people out there who do have an ABSA account, who are not aware of phishing and who did get this particular e-mail.

According to Symantec there were 790 million blocked phishing e-mails between July and September of last year. If you think about how many e-mails do not get blocked things start to get a bit scary.

In the end it all boils down to education. Just like spammers, the people sending out these e-mails do so only because they are aware that they will receive reward. When the people who do follow the e-mail instructions stop creating a demand then we are sure to see a reduced rate of phishing attacks.

We recently noticed one or more attempts to log in to your ABSA account from a foreign IP address.
Because of this unauthorized number of login attempts on your account, we had to believe that there might
be some security problems on your account and we have suspended your account temporary.
So we have decided to put an extra verification process to ensure your identity and your account security.

ABSA Bank security department has request for your account information including
your registered e-mail address and the password to the e-mail address.
These will be use in our upcoming security enhancement, which will be taking place on the 30th of April 2007.

This Information is mandatory to complete your verification as a legitimate member of ABSA Bank.

However, you are required to use your computer keyboard and not the touch pad in completing
the step 2 of this verification.
Please take 5-10 minutes
out of your online experience and verify your personal records so that you will not run into
any future problems with the online service.

https://www.absa.co.za/verify/cgi-bin/webscr?cmd=_login-run

If you choose not to complete this request, you give us no choice but to suspend your account temporary.

It takes at least 72 hours for the investigation in this case and we strongly recommend you to verify
your account at that time.

Thanks for your patience as we work together to protect your account.

ABSA Security Department.

No comments: