Here’s a clear-cut BofA phishing attempt to steal my info.
What I find so amusing about this is the Gmail/Gtalk function which allows a user (me) to invite the phisher ("Bank") to chat.
A few comments on the design:
First, if Gmail assumes this is a phisher and displays the alert (in red), the design should not accommodate the invitation functions. The message has already been filtered as a high probability of fraud. Why bother with friendly, viral invitations to fraudsters?
Secondly, the Invite <user> to chat function is displayed when an email is sent from another Gmail account. I’m sure we can safely assume Bank of America will not be sending out messages regarding "Unauthorized Activity" from a free and public email account.
Just a hunch, but I’m guessing a lot of people don’t click on Invite Bank to chat. If users did click on it, in this case it would essentially be inviting the person stealing your identity to chat before or during the theft of your personal data.
On the other hand — kudos to the Gmail team for creating awareness through the design of phishing alerts in the UI. I hope this makes a big difference for folks who are not familiar with phishing. A small step, but headed in the right direction.
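The observation above, that a bank will not send an "Unauthorized Activity" notice from a free public mail account, is a usable mail-filter heuristic. The following is an added example (not part of the original post and not Gmail's filter) that parses a message's headers and flags a bank brand claim arriving from a freemail domain; the provider list, brand strings and sample messages are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Assumption: a short, constructed list of free/public mail providers; a real
# filter would use a maintained list.
FREEMAIL_DOMAINS = {"gmail.com", "googlemail.com", "yahoo.com", "hotmail.com",
                    "outlook.com", "aol.com"}
# Brand strings an impersonator is likely to use (constructed for the BofA case).
BANK_BRANDS = ("bank of america", "bankofamerica", "bofa")
URGENCY_PHRASES = ("unauthorized activity", "verify your account", "suspended")


def freemail_brand_check(raw_message: str) -> dict:
    """Flag a message that claims a bank identity in its display name or subject
    but originates from a free, public mail provider. Returns the verdict plus
    the reasons so a reviewer can see why it fired."""
    msg = email.message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    subject = msg.get("Subject", "").lower()

    claimed = f"{display_name} {subject}".lower()
    reasons = []
    claims_bank = any(b in claimed for b in BANK_BRANDS)
    if claims_bank and from_domain in FREEMAIL_DOMAINS:
        reasons.append(f"claims a bank identity but From: domain is {from_domain}")
    if any(p in subject for p in URGENCY_PHRASES):
        reasons.append("urgency phrase in subject")

    # Bank claim plus freemail origin is the decisive signal; urgency alone is not.
    decisive = any(r.startswith("claims a bank") for r in reasons)
    return {"from_domain": from_domain,
            "verdict": "suspicious" if decisive else "ok",
            "reasons": reasons}


# Constructed sample messages (not real mail).
PHISH = """From: "Bank of America" <bofa.alerts.2008@gmail.com>
Subject: Unauthorized Activity on your account
Content-Type: text/plain

Please confirm your details.
"""

LEGIT = """From: "Bank of America" <alerts@example-bank.invalid>
Subject: Your monthly statement is ready
Content-Type: text/plain

Your statement is available.
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("legit", LEGIT)):
        print(name, freemail_brand_check(sample))
```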
Learn about phishing:
Requisite (and beloved) Wikipedia resource
Report phishing activities
Microsoft on phishing filters
OnGuard Online (FTC source) – Phishing