In between tracking down the final few rogue calendar entries that refused to update this past Friday night, I checked my gmail and had two "phunny" e-mails. Most Phishing e-mails are pretty easy to spot and understand the angle that is being shot. The first one I got (on my work account actually) is the standard type:
Dear Telus member,
You are receiving this email with regards to your personal account.
Please read carefully before continuing as some vital information is being updated.
Your account is showing to be incomplete due to a data failure in our systems and you MUST provide us with a correct information within 48 hours of receiving this email.
Failure to comply will result in account termination.
To update your account provide us with the following datas:
1. Maiden name:
2. Primary and secondary email address:
3. Account Password:
Ensure the informations are correct carefully before submitting it, mistakes can terminate your account.
Thank you for your support.
Account Supervisor Team
The grammatical and spelling errors usually are a pretty good tip that something is not right. If you are a major company and you are sending a communication to all your consumers, don't you think that it would go through at least one or two reviews and someone would catch the "informations are correct" and the "provide us with a correct information"? Secondly, a close look at the Sent From "Support@telus.net" and the Reply To "Please respond to firstname.lastname@example.org" fields are another big red Stop sign. Finally, how many times are people warned that, "XYZ will never ask you for your password and blah blah blah"?
I guess there are enough complete and total morons on this planet that these horrible phishing e-mails are +EV for the creators.
The second one I received, and the motivator for this post, was a little more interesting. I am curious what the angle is here. Driving traffic to a site for ads? Hosting malicious code and driving my browser to it so I can be infected? It does not ask for any info... but it caught my attention in the Inbox:
From: Beat me (email@example.com)
Subject: Beat me in poker and I 'll pay for your trip to vegas
Hey Bud ,
I heard on the boards you are a preety good Poker Player.
well, I can beat you ass in any type of poker and mostly texas holdem any given day.
Come visit me in my favorite poker room, get a decent bonus and the best of all,
If u beat me in the game I will pay for your Trip to VEGAS!!!
look for user 'playpokerwithme'
See you Tonight on http://www.geocities.com
In addition to all the unanswered questions above, the most lingering and perhaps most important is - Could firstname.lastname@example.org beat me ass in mostly texas holdem?