Phish: November 2008 Archives

There seem to be quite a lot of these doing the rounds at the moment:

Click to Enlarge

They've not done a very good job with this Phish - they display an obviously fake URL, for one thing - but they do get some bonus points for attempting to lure the end-user in:

"You've been selected to take part in our quick and easy 9 questions survey.
In return we will credit $20 to your account - Just for your time!"

Sounds tempting, right?

Click the link, and you find the deal has suddenly sweetened - you're now being told the offer is for $90, not $20 - courtesy of an extremely slick looking phish page:

Click to Enlarge
The red text on the right that says "Capital One will add $90 credit to your account just for taking part in our quick survey." is actually a scrolling ticker. Of course, the survey itself is just fluff - the meat of the scam is directly underneath:

Click to Enlarge

As you can see, a spectacular grab for personal information. Name, address, Mothers Maiden name, phone number....the works. Directly below, they want your full card details, the number on the verification strip, your social security number and even your ATM Pin number. Note how they keep up the pretense of this being a real webpage (asking you if you want to sign up for an "EMail Newsletter" inbetween the different sections).

The URL to avoid is

The site has been reported, and will hopefully be offline soon.

Not the newest scam on the block, but it does seem to be currently doing the rounds so it's worth highlighting. If you're sent an EMail with the same title as this article, with content that looks like this (usually sent from a random Hotmail account):

Click to Enlarge

...then delete it, it's a scam.

I'm not sure why, but I'm being sent an awful lot of Phish mails this month. The latest one takes you to

The page is a typical Paypal phish, though they're not actually interested in obtaining your Paypal login in the slightest. They're after something a little more personal.

Click to Enlarge

Note that in addition to your name and address, they're also asking for your social security number. Not a particularly new idea for a scam, but still not a good thing. The creators have made some basic errors which will cost them potential victims, though - they assume the victim receiving the mail lives in the United States, and they also have a few typos in there - enough to set off alarm bells for those not specifically targeted, with any luck.

Click to Enlarge The site is currently offline, which is probably just as well...


About this Archive

This page is a archive of entries in the Phish category from November 2008.

Phish: October 2008 is the previous archive.

Phish: December 2008 is the next archive.

Find recent content on the main index or look in the archives to find all content.