Tuesday, February 26, 2008

Teaching users to be phishing victims

I received the following (genuine) message from PNC Bank today (somewhat edited for length):

At the end of the PNC Save and Win Sweepstakes, [...]

If you don't have a PNC Statement Savings Account, open one today online, or by visiting any PNC branch or by calling 1-800-762-5684.
OPEN ONLINE -- https://www.pnc.com/webapp/unsec/Blank.do?siteArea=/PNC/Home/Personal/Savings/Savings%2bOffers/saveandwin&WT.mc_id=SAVWIN08_Email_0001
LOCATE BRANCH -- https://www.pnc.com/MapQuest/mqlocator/MapQuestSearchInit
[...]
LEARN MORE -- https://www.pnc.com/webapp/unsec/Blank.do?siteArea=/PNC/Home/Personal/Savings/Savings%2bOffers/saveandwin&WT.mc_id=SAVWIN08_Email_0001

[...] Emails from PNC are intended to inform you of our offers, promotions and updates. PNC will never ask you for confidential account information to be sent by unsecured email or provide a link in an email to a sign on page that requires you to enter personal information. If you need to communicate sensitive customer information to PNC, you should go to pnc.com, sign on to Online Banking, and communicate with us via the secured messaging center.
[...]
This email message may contain an advertisement or solicitation. If you no longer wish to receive such messages from PNC, click below to Unsubscribe.
https://pnc.p.delivery.net/m/u/pnc/uni/p.asp

Review the PNC Bank Web Privacy Policy by clicking the link below.
http://www.pnc.com/webapp/unsec/Solutions.do?siteArea=/PNC/Privacy+Policy

NO PART OF THIS PUBLICATION MAY BE REPRINTED WITHOUT WRITTEN PERMISSION.
The text in red is an attempt to combat phishing a bit, but generally this is a terrible idea. Other than spelling errors, it has all of the usual characteristics of a phishing attack.

As for their "no part of this publication" notice, tough luck, PNC - don't send phishing messages!

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home