pecunium ([personal profile] pecunium) wrote 2007-11-08 05:08 pm

Oh, the chutzpah!

I got an e-mail today, and the absolute confidence of it was amazing.

Dear Bank of America Military Bank customer,

We regret to inform you that we have received numerous fraudulent emails which ask for personal
information. Please remember that we will never ask for personal information through e-mail or websites.

Because of this we are launching a new security system to make BOA Military Bank accounts more secure and safe. To take advantage of our new consumer Identity Theft Protection Program we had to
deactivate all 440893-XXXX-XXXX-XXXX cards.

To reactivate your card please call (641) 665 6388 and follow the steps.

Reactivation is free of charge and will take place as soon as you finish the process.


There are so many ways in which this is wrong, but I love the symmetry of it.



[identity profile] katherinesummer.livejournal.com 2007-11-09 01:43 am (UTC)(link)
Clever. I wonder how many people get caught in this one.

[identity profile] pecunium.livejournal.com 2007-11-09 01:52 am (UTC)(link)
Not too many. One, the audience is limited, and two, it's built in such a way that it trips some awareness filters.

But mostly because we get told to deal with the BofA Card people through the Army people who do the co-ordination.

Since the cards are only active when one has orders, the risk is more of ID fraud, from revealed info, but if one goes in to see if the card is cancelled... that will prevent it.

If this were a regular bank card, it might be more worrisome a trick.

TK

[identity profile] porysski.livejournal.com 2007-11-09 02:20 am (UTC)(link)
For BofAMB customers, I admit that it's mostly an ID fraud risk. However, it looks to me like this phish is simply doing a lookup on who issues a given range of card numbers and inserting the appropriate bank name, and has probably sent out for a huge number of different issuers.

Fairly clever sliminess.

[identity profile] antonia-tiger.livejournal.com 2007-11-09 05:13 pm (UTC)(link)
Since I got two of the messages, both to .uk addresses, and with no trace of an actual card number, I don't think there's much thinking behind it.

I did consider the phone number. Surely that'll leave a trace for the perps to be tracked down.