I’m actually entertained by the occasional spam that gets past all the email filters and thus present the newest drew3ooo category: “Spam Critic,” where we not only look at the technical aspects of junk email, but the artistic merits as well. We start with the Washington State Employees Credit Union scam.

OVERALL RATING OR THIS SCAM: Three stars

A few spammers are getting better. Not only did one of yesterday’s get past the filters, it new where I was from, tried to con me with a fake survey from a local bank and contained correct spelling and grammar. Unfortunately, they didn’t realize that I don’t have an account with the Washington State Employees Credit Union. Still, I have to give them props. Here’s what it said:

Dear member,

Now we’d like to know what you think!
You have been invited to participate in our convenient, new and easy survey that will improve customer service we provide.
Spare two minutes of your time and take part in our $80 Reward Survey.
Helping us better understand how our members feel benefits everyone.

To continue click on the hyper-link below:

WSECU $80 Reward Survey.

Washington State Employees Credit Union.
P.O. Box WSECU
Olympia, WA 98501

Most spammers trying to fake official status fail at the email address test. Their always a yahoo, gmail or hotmail account, which, you know, so many banks use. So WSECU guy gets a nod for going out and fashioning a “do-not-reply@wsecu.org.” This is not an actual address, as this phishing report details, (the bank has one as well) but it’s a nice touch and does represent some sign of a work ethic, as does sending out the email to people actually from the town the bank is in.

Clicking the link in the email takes you to a fairly basic survey. As of this writing. I notice it’s gone, which is too bad because I wanted to include a screen grab of it. It contained the bank’s logo, a fairly straightforward, realistic customer service survey and then the promise of $80 to be credited to your credit card. 80 bucks a bit much. If you’re really fishing for card numbers, why not make it a lower, more realistic amount? And you have to be a little more plausible than that. A real bank already has your account info. Still, not bad. It starts unraveling with the url, though:

http://www.miraibu.net/.WSECU/personal/reward.xml

That seems like a rotten one, but it’s really not that bad and it’s WSECU’s fault. Go to actual the WSCEU website and you’re suddenly forwarded to it’s actual server which is here: http://www.fuzeqna.com/wsecu/consumer/kbdetail.asp?kbid=2559&ao=t

That’s the bank’s actual referring url. At least it has been until recently. It’s currently in the middle of moving. When you try to look at fuzeqna.com, you get an “Directory Listing Denied” message. WSCEU may as well scrap its domain entirely and set up a Myspace page for all the sense of security it must be giving its customers.

When you look at www.miraibu.net, you get a bunch of Japanese characters. If I’m banking, I’m not going to put much faith in either that or the real one, but it could be easy to understand how WSECU customers who are used to this could be duped since they’ve likely become blind to the long urls by now.

But if this scammer is going to go far enough to create a bogus survey and use the logo and at least a general approximation of the colors used by the site, why not take the extra bit of work and actually employ the actual site’s theme? WSECU’s site is a simple three-column front, two-column inside php system that could be replicated in about 2-hours time. Negative point there. With the current server migration, the bank’s site is straddling multiple alphabet soup urls. No one would have thought twice about a scam survey that could just link back to the actual bank site and the crooks could have collected credit card numbers for days before someone caught on.

So minus point on the dismount.

Tags: ,
Subscribe to comments Comment | Trackback |  

Browse Timeline


Related Entries




Site Map | Spam Poison | Archives | Contact | About | Creative Commonsω DREW3000. Now with more Open Sourciness.