Here's the Thing about Phishing...
Phishing (fish´ing) (n.) The act of sending an e-mail to a user, falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.Hey, I get this stuff all the time. "eBay" contacts me. "Amazon" contacts me. Heck, "Citibank" even contacts me, and I don't even have any dealings with them.
You know, that's all well and good and I know there are assholes out there trying to steal your informaion for personal gain. But you know what's more insulting? That these guys don't even proofread their scam emails or consult with someone who has a decent grasp of the English language before sending them out. Talk about tipping your hand!
Let's take this recent one I received from "Amazon" as an example. I just can't help thinking that a big company like Amazon not only wouldn't lose my information (given that they remember every purchase I ever made and try to solicit more goods to me based on those selections every time), but they also would hire at least a low-level copywriter to handle delicate matters. You know, delicate matters like having to break it to their customers that they lost their personal information. And this copywriter that I am conjuring up, even if right out of copywriting school, would not release a piece of shit like this:
At the last reviewing at your amazon account we discovered that your information is inaccurate.
OK, pal, I think you need to capitalize "Amazon" and a little thing called a "comma" belongs after the word "account."
Furthermore, what kind of "reviews" would anyone at Amazon be doing of my account. And, how would they possibly know that the information is inaccurate? Inaccurate based on what? "We've reviewed our records and just have a hunch that you probably don't still live where you did last year."
Also, wouldn't it be at the last reviewing "of" my Amazon account? How could they implement a review "at" my Amazon account?
We apologize for this
You need another comma, dude.
but
A comma should also go here to set off this part:
because most frauds are possible because we don't have enough information about our clients, we require this verification.
OK, first of all, that's an ass-ugly sentence that is awkward and cumbersome. "Because most frauds are possible?"
Also, what they're trying to say is that "most frauds" at their company are "possible" because they lack information; not frauds, in general.
Which also doesn't explain why having "verification" of my credit card number will help protect me. "Oh, no! That's not his credit card number that he verified." Who cares? If they want to put something on a credit card that isn't mine, I won't be liable anyway, right?
Please follow this link to update your personal information:
OK, asshole, am I "verifying" or "updating" my information? Yeah, I understand what they mean, and I'd accept this kind of talk in casual conversation or on something like a personal blog, but this seems kind of unclear and I'd think such a sensitive topic would be explained more carefully in an "official business email" like this one.
(To complete the verification process you must fill in all the required fields)
You could probably use another comma in there. Or, better yet, you could forgo the comma and just say it using an active voice: "You must fill in all the required fields to complete the verification process."
Either way, a period, inside the parentheses in this case, is in order. Better yet, why is this a parenthetical statement at all?
Also, doesn't describing fields as "required" indicate that it must be filled in? Isn't this fancy-speak pretty redundant? "You must fill in all the fields" would work better. Or, in the case that not all of them are required, I think that when we get to the form, the red asterisks next to the "required fields" that refer to a footnote saying "required" pretty much spell it out.
Or, better yet, I would assume that a big shot company like Amazon would set up their server-side scripting to not accept the HTML form without the required fields filled in. Hmmm?? Haven't we all tried to avoid giving personal information when we sign up for something, only to have the form get kicked back with the appropriate fields highlighted for us to revisit? Making a field required is no big deal, and big e-commerce companies don't have any issues with it.
Please note: If you don't update your information within next 48 hours , we will be forced to suspend your account untill you have the time to contact us by phone.
Yeah, I think you should have gotten rid of that extra SPACE after the word "hours" above. Also, "until" only has one L, not two.
Also, how about the 48 hours part? Seems a little urgent, doesn't it? Where's the fire? Some of their customers don't even check their email every 48 hours. "You've got 48 hours to fix our problem or we're going to suspend your account!"
And, yeah...I've just gotta admit, the entire sentiment just doesn't sound much like something a professional organization would say. How the fuck do they know if "having the time" is an issue for me or not? Maybe I'm ready to call them right now. If this was really from Amazon and they fucked up by losing my information, don't you think they'd either a) just ask for it again when I went to buy something, or b) kiss my ass by making an assortment of options available to me? Regarding the latter, I mean they would probably say, "You also may update your information by phone," and then they'd provide me with the phone number to call and the hours when someone in their customer service department would be available to take such a call. Being that they have millions of customers—many that you'd assume are ones similar to me: people who they "don't have enough information about"—I would think they'd have possibly an entire department set up just to fix this problem and field the calls coming in. And I'd also expect a phone number provided "if you have any concerns or questions about this verification process."
We apreciate your support and understanding, as we work together to keep amazon market a safe place to trade.
OK, wait a minute! Who the fuck said anything about "trading" or the "Amazon market?" I thought we were talking about Amazon, in general? You know, the place where you can buy books, CDs, electronics, and things that are brand new?
And I don't know much about it, but I'm pretty sure it's called "Amazon Marketplace" and it involves selling your stuff. There is no "trading" involved. They make it sound like we're bartering over how many beaver pelts we need to pony up to get that exclusive badger skin cap at the ol' trading post. You know, I'd just think Amazon would be more on the ball with this stuff.
Thank you for your attention on this serious matter and we apologize.
You're welcome, and that's "attention TO this serious matter" that you're thanking me for. Man, for a company that made its mark by selling books, they sure seem to have issues with prepositions.
And...um...well...that's the end of the email. You know what's missing? A signature! Who is apologizing to me? Wouldn't you expect such a "serious matter" to be coming from someone with a name and title? Perhaps the "Director of Customer Security, Amazon.com" or maybe the head of sales or even the company Vice President? I would.
Oh, and if all this wasn't enough, the email was completely generic and not even addressed to me personally. Trust me, Amazon has my name and everyone else who buys from them in a database. They would have added a variable to their email and had the customer addressed by name, similar to how your bank sends you letters with your name on it, even though they're form letters.
In summary, we've all been warned countless times about these scams. We've all gotten the real scoop from the real companies that assure us they would never send an email that "asks you to enter or verify your personal information." But some of these scams are just so poorly done that I can't believe that anyone could possibly fall for them anyway! I almost feel like anyone who fell for, as an example, this particular "Amazon" scam basically deserves what he or she gets for being so mullet-headed.
This was just awful. It's like a magician trying to trick me into thinking he's flying through the air, but instead of being held up by nearly-invisible fishing line, he's being wafted about via a tug-of-war rope. And, it's neon orange.
And, to my dear readers, I've lost all your email addresses, so please respond to this post via the "comments" section and post your emails and credit card numbers for me to verify.
posted by Steve @ 1:18 PM
5 Comments:
I think the writers and editor from my school paper go on to writing things like this.
After all, we evacuated our buildings during the tornadoes last week. *nods*
I have only one thing to say: beaver pelts.
Very funny.
Hmmm, I am wondering if these people know the people from the credit card company that call my mothra and ask for fry-eeda ruth (her name is frieda roth) or ask for carol ruth my dad (carl roth). Of course I could never pronounce their name either (Apu Nahasapeemapetilon)so, I'm thinking it might be all fair? NO... I don't live in India, thankyouverymuch.
I just pretend I'm mothra or dadzilla and then proceed to confuzzle the hell out of the people calling, by the end they are glad I don't want credit protection.
My email is T at the internet slash google dot yahoo slash gov
and my credit card number is 4
T
My email is T at the internet slash google dot yahoo slash gov
T, GMTA and all. You stole my line. I should feel like highly offended that you stole my line. I should, really. But then I didn't come up with the line in the first place, Craig did, so I guess that takes away my right to be offended.
The scary part is... I HAVE all these accounts, so I'm constantly having to do a reality check to see if this may be an actual e-mail. Some I don't bother with, like the Ebay e-mails sent to my work address which they don't have, but I just got one from Paypal that actually scared me enough to make me close the e-mail, open the browser separately and sign in to check my account. Bastards.
On a related note, the same thing happens on lower-quality singles sites. I'm on this one called Lavalife, which is free to sign up to and create a profile, but costs money every time you want to contact someone. So these porno sites an other singles sites set up dozens of fake profiles, then when someone contacts them they are given this bullshit story and told that if they want to get to know them better they should go to "this other site". Riiiiight. Problem is you've already spent your credits trying to talk to what you thought was a real person. The best is when you contact 2 or 3 people not even in the same state, and they all send you the SAME EXACT MESSAGE!!! Same name and everything!
Not...that.. that's ever happened.... to.... me. (looks around, whistles..)
Post a Comment
<< Home