Oh Look, An Email About My Credit Card!
Would you have fallen for this phishing scam?
Let’s play “how to identify a phishing email” together:
- CHASE ! (Seriously, you can’t just go around using David Malki !’s honorific. You have to earn that.)
- I do not currently have a credit card with Chase.
- Despite this, I am referred to as “Chase Customer.”
- That link? It goes to a DocX stored on Google Drive. I did not click the link, but you can tell it goes to a Google Drive file either by mousing over the link or by noticing the DocX attached to the bottom of the email.
- Real banks do not send you to Word docs.
- Real banks also don’t use “inbox.ru.” In case you’re curious, this implies that CHASE ! is operating out of Russia.
- It’s a little hard to tell, and keep in mind that I did not click the link to confirm, but it looks like that DocX asks you to click another link. Why not cut out the DocX middleman? Not that I want to teach CHASE ! how to be a better phishing scammer, but come on. Don’t use two clicks when you can just use one. This is, like, entry-level online marketing.
- The email was not, in the strictest of terms, sent to me:
I wonder who really owns “firstname.lastname@example.org.” That seems like it would be a really valuable email address.
Anyway, I reported the email both as spam and as scam:
Would you have fallen for an email like this? If you’ve got your own tricks to identify phishing emails, or a checklist you run through to make sure “please change your password” or “please log in” emails are legit, let us know.