I remember the first time I got a phishing request from a bank. Not only was it a bank I had never done business with, I had in fact never heard of them. I looked into it, and sure enough they were a real bank… but that didn’t change the fact that I did not do business with them.
In the twelve or so years since (have they really been around that long??) I have gotten hundreds of them, most of them are blocked by my spam filter but some of them get through. Of those, only once or twice did I get a phishing attempt disguised as a bank I do actually do business with them… but the glaring mistakes made it obvious, even if I did not look closer.
As I got to my office one morning this week my phone beeped with the following e-mail:
I do have a credit card with TD, and while I had not used it for several months, I did use it to pay for my parking this morning… the first time I used it in months. So while it might have been reasonable for them to contact me with a security issue, most phishing attempts are still pretty easy to detect… to someone who is looking for them.
When I hovered over the Verification Link I got a completely ridiculous URL… what the heck would TD Canada Trust be using makeup-artist-hansen.de for? No way. And besides, let’s take a look at the original mail header again:
Who the heck is zimbra1.misterweb.it? Definitely not a good sign.
Here’s the long and the short of it… If your bank is worried about you, they might call you but they will never e-mail you and tell you to ‘click here.’ By the way, when they do call you, they won’t ask for your password… although they will ask for information that will confirm who you are.
It is sad to think that phishing scams are still out there… because if people didn’t get caught every day, they would have stopped a long time ago. It is a sad reality, and I can only hope that my readers are more informed than the folks getting duped. But if you do hear about someone getting phished, send them here and have them read up on it!