The Worst Day of Phishing

A time-honored adage says that the worst day of fishing is better than the best day at work. But judging from an email message I received recently, I’m wondering if its authors should have spent more time in the office polishing their lure before heading out to cast their phishing line.

By now just about everyone with email has read about scams that try to get you to surrender private information. The most successful ones look like they come from legitimate organizations that you have an established account with. The problem with all of the scams is that these organizations already have your name and other data needed for identity theft and don’t ask for it again—at least not in the way the email I got does.

I don’t see much phishing email. My ISP’s spam filters stop most of it, and my email program usually assigns the rest to a Junk folder. This one did get delivered to my inbox, although it was sent to one of my secondary email accounts.

The email purportedly is from Comcast (actually the comcast Member Services Team) and advises me that I need to update my “Billing Information.” Failure to do so, it warns, will result in “account suspension.” The email contains one grammatical mistake, several errors in capitalization, and a sentence that ends with two periods. Like this.. The clincher though is the link to the web page where I can apparently make things right. It starts with scriptsfreaks.com. (ScriptsFreaks, a freelance job marketplace, is legitimate, but that doesn’t mean every project it hosts is.)

Bored I clicked the link. The destination web page shows the Xfinity logo in a size large enough to identify one of their service vans. Below that is a form. There are blanks to fill in for billing address, credit card information, social security number, date of birth, and mother’s maiden name (a nice touch). But then the phishers got carried away. In section 3, the form asks for comments and suggestions and claims that the comments “will be sent to our trained staff for review.” No way would Comcast do that. ;) I was laughing so hard at this point that the only comment I could think of was the clichéd “Here you go, don’t spend it all in one place.”

It’s hard to see how anyone with a modicum of sense would fill out the form and click the Submit button. Does that mean the scammers will have the worst day of phishing ever? I hope so.