burring-bring….
buurrrrrrring-bring……..
Buuuuurrrrrrrrinnnng-bring………………
Wendy: HellooooOOHH, Wendy speaking, how can I help you?
Automated message (AM): This is Lloyds Bank calling to leave a message for [name of last occupant of the Wendy house, nolootwh], if you are [nolootwh] press any key
Wendy: (not being nolootwh I pressed no keys and waited in the silence pondering what to do next, after what seemed like days I decided to press any key out of sheer noseyness)
AM: please call (number I didn’t write down and can’t remember, then silence, I waited a few minutes then I hung up and searched the internet to discover why Lloyds were using such an odd method of contacting their customers. They aren’t, this was a phishing call)
A person called Yusuf wants to buy my unnecessary stuff. Yusuf has also offered me a highly paid job and to print my craigslist advertisements. I just need to give him my banking details first. Gosh! I’m so lucky to be offered all these things, thanks Yusuf.
Today I recieved an email from Lloyds TSB Bank in the UK
or did I?!
Luckily for click-happy me there are serveral things that make this an obvious phishing expedition. They are:
- impossibility. I couldn’t verify my log-in details if I’d wanted to, I’ve never had an account with Lloyds, TSB or any merged version of the two.
- impersonal. The email is addressed to ‘dear customer’ rather than a specific name.
- silly website address. All the hyperlinks from the email go to an address that starts http://miriamklemke.com rather than something plausible for LloydsTSB like their actual address, the suprisingly named: http://www.lloydstsb.com/
- a dashed silly unreasonable threat. The letter threatens to terminate my account if I do not verify my details.
The branding imitation, the layout and components of the email with the message ‘click-here’ to make sure you don’t loose lose your money are well produced, very professional.
Credit to the actual LloydsTSB, it was easy to find an address to report this fraudulent email.
Wikipedia describe Phishing as a Social Engineering technique where “Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication” the name probably derives from ‘fishing’ “alludes to the use of increasingly sophisticated lures to “fish” for a user’s financial information and passwords“.
Promise me you’ll be careful where you put your credentials….
