Tech Stuff

A Plague of Phishing

Yet another. Here’s the complete text, annotated:

A Wells Fargo business customer has sent you a wire transfer and we have been asked to notify you about this transaction being the recipient [1].

Please, see details [2] in Secure Mail [3] attachment [4],[5]. Contained in the Secure [6] attachment is a PDF.

NOTE: The attachment is best viewed on Internet explorer [7], Google Chrome or Mozilla Firefox [8].

Thank You,

Wire Department. [9]
Wells Fargo Bank N.A.
420 Montgomery Street. [10]
San Francisco, CA 94104. [11]

Disclaimer [12]: You received this message because a customer asked us to notify you about this transaction being the recipient [13]. This message was sent from an address that dose [14] not receive replies. Do not reply directly to this message.

How do you tell that this is bullshit? Let’s count the ways.

[1] The transaction isn’t the recipient, I am.
[2] Leaving out the article “the” is typical of spam written by non-English speakers.
[3] Again, it should be “the secure mail attachment”
[4] “Secure Mail” is not a proper noun, so it should not be capitalized.
[5] Here’s a general rule of thumb: When they tell you the attachment is secure, it is not.
[6] Is this a proper adjective, and so it’s capitalized?
[7] Capital “E” in Explorer.
[8] Why not a PDF viewer for viewing a PDF?
[9] Why the period?
[10] Why the period?
[11] Will someone tell me why the period?
[12] This is not technically a disclaimer. It’s a “note.”
[13] And the transaction isn’t the recipient. The transaction is the subject.
[14] Major financial institutions don’t commonly have misspellings in their boilerplate.

Tom

Tom McGee has been building web sites since 1995, and blogging here since 2006. Currently a senior developer at Seton Hall University, he’s also a freelance web programmer and musician. Contact him if you have the need for a blog, web site, redesign or custom programming!

Leave a Reply

Your email address will not be published. Required fields are marked *