Wednesday, July 20, 2011

Anatomy of a Phishing Expedition

So close but yet so far:

From: denyed_ach@nacha.org [mailto:denyed_ach@nacha.org]
Sent: Wednesday, July 20, 2011 4:28 AM
Subject: Wire transfer id XXXXXXXXXXXXXXXXXXX
________________________________________

The outgoing Wire fund transfer that you placed 13.06.2011, was not processed by an intermediary or beneficiary bank.
Please click here to view report
________________________________________
This service is provided to you by the Federal Reserve Board. Visit us on the web at http://www.federalreserve.gov.

Some indicia of bona fides:

(1) NACHA is the Electronic Payments Association which manages the electronic payments network.

(2) Valid link to the Federal Reserve Board.

(3) Email text uses pretty good grammar with no obvious misspellings.

(4) A transaction from June I may have forgotten about.

But how many telltale discrepancies can you find:

(1) The word they were going for was "denied" in the email address denyed_ach@nacha.org.

(2) In communications to consumers, agencies in the U.S. do not write June 13, 2011 as 13.06.2011.

(3) There shouldn't be a comma after 13.06.2011.

(4) The click here hyperlink had bogus written all over it: http://reports-federalreserve.com/my_denied_wire.pdf.exe. That hyphen after reports means the domain is reports-federalreserve.com rather than federalreserve.gov, so you are not going to the Federal Reserve website, and that .exe after the .pdf means the file is a program rather than a document, so you are likely installing some vicious virus.

Note: Please don't try the link at home. I tampered with it slightly for those of you with the irresistible urge to cut and paste.
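
The two link checks from discrepancy (4), written out as an added example that is not part of the original post: does the host really belong to the domain the email claims, and does the file name hide an executable behind a document extension. The function names, extension lists and finding labels are assumptions made for illustration.

```python
from urllib.parse import urlsplit
import posixpath

# Assumption: illustrative extension lists, not an exhaustive policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".pif", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def is_same_site(host, trusted_domain):
    """True only if host is the trusted domain itself or a subdomain of it."""
    host, trusted_domain = host.lower().rstrip("."), trusted_domain.lower()
    return host == trusted_domain or host.endswith("." + trusted_domain)


def check_link(url, claimed_domain):
    """Return findings for a link that claims to belong to claimed_domain."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not is_same_site(host, claimed_domain):
        brand = claimed_domain.split(".")[0]
        # A hyphen or extra label can embed the brand in an unrelated domain.
        if brand in host.lower():
            findings.append("lookalike-host")
        else:
            findings.append("foreign-host")
    # Inspect the last two extensions of the file name in the URL path.
    name = posixpath.basename(parts.path).lower()
    stem, last_ext = posixpath.splitext(name)
    _, prev_ext = posixpath.splitext(stem)
    if last_ext in EXECUTABLE_EXTS:
        findings.append("executable-download")
        if prev_ext in DOCUMENT_EXTS:
            findings.append("double-extension")
    return findings


# Sample inputs: the (already altered) link quoted in the post and the genuine site.
SAMPLES = [
    "http://reports-federalreserve.com/my_denied_wire.pdf.exe",
    "http://www.federalreserve.gov",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "federalreserve.gov") or "no findings")
```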

1 comment:

Michael Carver said...

It is important to recognize and avoid getting trapped by these phishing emails. Your dissecting of a sample phishing email can be a warning to all email users.
