I get hit regularly by phishing texts and emails.
Let’s back up a bit.
Phishing (like fishing) is when person or computer casts out a nice juicy piece of bait, in hopes that they’ll get a bite. Here’s an example. Back in 2001, the company I was working for was taken down by the Anna Kournikova email scam. You can read about the details of the scam here.
Here’s a summary from the tech monitor article.
All the forwarding brought down our email servers. Apparently quite a few folks were excited to see Anna.
Volume
What makes phishing so effective is the volume of emails sent. We get the Anna K email and we think “Hey, what Jackass sent me this?” and we delete it. At least that’s what we tell people. In reality, millions clicked on the image.
Anyway, those were the old days, today, we’re more sophisticated…
But back to the point, we may think it’s one jackass sending this, but it’s likely a foreign criminal organization that sends tens or hundreds of millions of copies of the email.
Email lists are easy to come by. We can purchase these legally for “marketing purposes”.
And then we download “marketing” software that sends an email to every ID on the list.
Easy.
Sophistication
We’re getting smarter. We are starting to recognize the patterns. See my post here.
The problem is that the criminals are also getting more sophisticated. They’re using information that they can hunt down on the web about the folks in the mailing lists to make the phishing email seem legit.
I rented a car in Florida. All the highway tolls are pay-by-plate and the rental agent let me know that I’d get notified of any tolls I owed. Sure enough, shortly after I returned home, I got a text asking me to click and pay tolls.
Could be a coincidence, but I suspect some smart computer somewhere linked my car rental info with my cell # and targeted me for this particular scam because it knew I’d be expecting a legitimate toll expense.
Again, send out hundreds of millions of requests and you’re bound to catch a few people.
Laziness
Unfortunately, whether it’s laziness or the economy and lack of funding for better phishing tools and data, some criminals are taking the easy way. Here’s what I got in my email today.
Frank Should Be Ashamed
The only Frank Higginbottom that showed up in my Google search was a dentist. If I add “attorney” to my search criteria, I find his sister Felicia.
Strike 1. At least find the name of a real lawyer in Canada. That’s just plain lazy.
Junk
Even Apple knows this is junk. It went right to my junk folder.
I also got a copy of the same email in my gmail account. Due to the urgency, Frank is trying to get in touch by any means possible.
Why is this sent to a mailing list called undisclosed-recipients? That seems strange.
And it’s not actually text, when I click on the words, it’s an image file. Did Frank scan it in and send it?
Why did he capitalize the “L” in Late Clients in the middle of a sentence? Sometimes the “L” is capitalized, sometimes the “C”, sometimes neither. And how about an apostrophe??
Bad punctuation and capitalization is a dead give-away. Frank should have Felicia review his emails before sending. Especially ones involving large sums of money.
The Plot Thickens
I’m excited while reading. I could use the $17 million. I’m on a fixed income.
And while I’m not familiar with Canadian banking law, I find it suspicious that someone with the same last name can show up at a bank and claim millions of dollars. Maybe if they’re represented by someone as trustworthy as Frank, this is allowed?
Wrap Up
I’ve got a busy week and I’m unable to trek up to Canada so I will need to decline Frank’s offer. Hopefully someone else on the list will accept.
Seriously, put in a little effort. This effort was poor even in the Anna K days.
Quick story. My mom (who’s 89) had a friend Hector who was great at spotting these scams but would always respond with “I’m going to contact them and set them straight.”
Unfortunately people of that era, while they may identify a scam, they often don’t realize the point of the scam has nothing to do with the $17million, it’s about getting a reaction.
The point of phishing is to get a nibble. Once a criminal finds someone who’s willing to interact, then they can up their game and better target them.
OK, so maybe I won’t respond to Frank’s offer, generous though it is.
With all the tools and information available today to even the most unsophisticated criminals, I’m ashamed for the folks that felt this email was a legitimate phishing attempt.