Heh. Good 'ol phishing. The thing is, banks prefer written hardcopies where notices are involved & they don't send email notifications unless specifically requested for by the customer.
I don't suppose that in this case the phisher tried to spoof the bank's sender address as well? If not, then that the first warning sign. The 2nd sign would be that link. I've personally never come across any instances where my bank would actually ask me in any email notification to provide login particulars or to log in to e-banking sites much less providing links within the email to do so. It's these kind of emails which very much validate the first rule of email security - do not believe/comply with anything inside any unsolicited emails. Azharuddin Ahmad Jais ARSA -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of David Fetter Sent: Wednesday, May 12, 2010 10:34 AM To: [email protected] Subject: Re: [Owasp-Malaysia] Fwd: Alert: Your Account Was Revoked On Wed, May 12, 2010 at 10:29:45AM +0800, Amir Haris Ahmad wrote: > ---------- Forwarded message ---------- > From: Maybank Group <[email protected]> > Date: Wed, May 12, 2010 at 7:34 AM > Subject: Alert: Your Account Was Revoked > To: > > > Maybank Alert #8021 > > Dear Maybank Customer, > > Your Maybank account has been revoked for security reasons after we > discovered some security problems in your account. You are hereby required > to immediately restore your account as revoked accounts will be terminated > till further notice. We are sorry for any inconvenience caused as your > privacy is our topmost priority. > > "Restore Access Here" <http://www.get24xpriority.com/M2ULogin.htm> Another variant I've seen a lot of is some kind of allegation about an email account--sometimes it's full, sometimes some error--along with a request to reply with a bunch of info including username and password, under the (too often right!) assumption that such credentials are good in more than one place. Cheers, David. > > Sincerely, > > Maybank Group > _______________________________________________ > Owasp-Malaysia mailing list > [email protected] > https://lists.owasp.org/mailman/listinfo/owasp-malaysia > > OWASP Malaysia Wiki > http://www.owasp.org/index.php/Malaysia > > OWASP Malaysia Wiki Facebook > http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 -- David Fetter <[email protected]> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: [email protected] iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420 _______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
