{"id":3465,"date":"2010-07-15T22:49:10","date_gmt":"2010-07-15T21:49:10","guid":{"rendered":"https:\/\/brennigjones.com\/blog\/?p=3465"},"modified":"2015-02-25T20:37:44","modified_gmt":"2015-02-25T20:37:44","slug":"gone-phishing","status":"publish","type":"post","link":"https:\/\/brennigjones.com\/blog\/?p=3465","title":{"rendered":"Gone phishing"},"content":{"rendered":"<p>So the phishers\/scammers are at it again and this time they&#8217;re almost but not quite clever.<\/p>\n<p>An email screeched in to the podcast&#8217;s gmail account, you can see a screenshot of it below or <a title=\"Phishing HSBC email\" href=\"http:\/\/\/brennigjones.com\/images\/GoogleMail.pdf\" target=\"_blank\">Click here for a pdf version of the full email<\/a><\/p>\n<p><a href=\"https:\/\/brennigjones.com\/blog\/wp-content\/HSBC_Snapshot.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-3467\" title=\"HSBC_Snapshot\" src=\"https:\/\/brennigjones.com\/blog\/wp-content\/HSBC_Snapshot-300x217.jpg\" alt=\"\" width=\"300\" height=\"217\" srcset=\"https:\/\/brennigjones.com\/blog\/wp-content\/uploads\/HSBC_Snapshot-300x217.jpg 300w, https:\/\/brennigjones.com\/blog\/wp-content\/uploads\/HSBC_Snapshot.jpg 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>I have several problems with this, but by the reports in the media, a number of people are falling for this phishing scam.<\/p>\n<p>My problems are simple:<\/p>\n<ul>\n<li>It is not in English, it is written in something that closely approximates English, but no British clearing bank would surely send such rubbish out? And the sign-off, given that this communication is supposed to be from a bank,\u00c2\u00a0 is just pathetic. Why not put a few kisses on the bottom (oo-er) too?<\/li>\n<li>It is incredibly badly typed. The use of multiple trailing full-stops, the use of the hash-sign. Has HSBC taken to employing 14-year-old schoolchildren to write their customer service letters now? Erm, no.<\/li>\n<li>It has spelling mistakes on it. Really.<\/li>\n<li>The server in the &#8216;click here&#8217; link is based in Taipei, Taiwan &#8211; that well-known bastion of British banking.<\/li>\n<li>So it is an email written in something that approximates but is not quite English. It is an email that is written incredibly badly. It is an email with a link to a website in Taipei.<\/li>\n<\/ul>\n<p>Hmmm, is there anyone who is still feeling warm and fluffy over this email?<\/p>\n<p>Here&#8217;s the double clincher; there are absolutely no names or telephone numbers on the email.<\/p>\n<p>So out of a confidence score of a minimum zero and a maximum 10, my confidence level in this email being genuine is minus 12.<\/p>\n<p>Why so low?<\/p>\n<p>Because our little podcast doesn&#8217;t <em>have <\/em>a bank account, not with anyone, let alone HSBC.<\/p>\n<p>It&#8217;s a fake. And here&#8217;s the html text of the email (just to grab some google traffic in case anyone is searching for information on it):<\/p>\n<p style=\"text-align: center;\">_____________________________________<\/p>\n<p style=\"text-align: center;\"><em>Message begins&#8230;<\/em><\/p>\n<p><span style=\"font-family: Arial,Helvetica,sans-serif;\"><span style=\"font-size: x-small;\"><strong><span style=\"color: #ff0000;\">We regret having to terminate        the account with us.<br \/>\n<\/span><\/strong><br \/>\nPlease be advised of  the        following causes.<br \/>\n<\/span><\/span><\/p>\n<p><span style=\"font-size: x-small;\"># Reasons:- The account would be effectively  terminated        due to the recent information gathered from the profile does not  match the        background data.<\/span><\/p>\n<p># You have refused to follow the link  which        were sent to the email recently.<\/p>\n<p># You logged on  immediately        you verified the account which caused the verification been  canceled. This        may be our increasing inflation problem which have forced your  account to        close down several of its operations.<\/p>\n<p><strong><span style=\"color: #c0c0c0;\"><span style=\"color: #ff0000;\">The account will cease operation        effective 16\/07\/2010..<\/span><br \/>\n<\/span><\/strong><br \/>\nOur  automated        security systems have indicated that access to the account will be  blocked        after 17\/07\/2010.<\/p>\n<p>To cancel the termination        process&gt;&gt;<\/p>\n<p>Please DO NOT CLICK HERE UNDER ANY CIRCUMSTANCES &#8211; UNLESS YOUR NAME IS TONY BLAIR, IN WHICH CASE YOU DESERVE TO BE RIPPED OFF YOU SLIMY PIECE OF DOGSHIT  to verify. <span style=\"font-size: x-small;\"> <\/span><\/p>\n<p><span style=\"font-size: x-small;\"><span style=\"font-size: x-small;\">If you have already logged on or if you need to  login        before verifing the account, please logout before you click the        above.<\/span><span style=\"font-size: x-small;\"> <\/span><\/span><\/p>\n<p><span style=\"font-size: x-small;\"><span style=\"color: #ff0000;\"><strong>*Warning*<br \/>\n<\/strong>____________________________________________<\/span><\/span><\/p>\n<p><span style=\"font-size: x-small;\">It seems reasonable that the login process needs  to        invalidate the session and perform an automatic logout before  succeeding        any attempt on subsequent verification.<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: x-small;\"><span style=\"font-size: x-small;\">Please do not login after you have verified the  account        within 72 hours, to avoid<br \/>\nduplicate access records in our  database as        this could cause the account being suspended again.<\/span><\/span><\/p>\n<p><span style=\"font-size: x-small;\"><span style=\"color: #ff0000;\">_____________________________________________<\/span><\/span><\/p>\n<p>We         regret any inconvenience caused&#8230;<\/p>\n<p><span style=\"font-size: x-small;\">Thanks,<br \/>\nWe appreciate your business!<br \/>\nAdministrative Department Team <\/span><\/p>\n<p>Issued for UK use        only\u00c2\u00a0\u00c2\u00a0|\u00c2\u00a0\u00c2\u00a0\u00c2\u00a9\u00c2\u00a0 2002 &#8211;    2010<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So the phishers\/scammers are at it again and this time they&#8217;re almost but not quite clever. An email screeched in to the podcast&#8217;s gmail account,<\/p>\n","protected":false},"author":13,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3465","post","type-post","status-publish","format-standard","hentry","category-stuff","two-columns"],"_links":{"self":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3465"}],"version-history":[{"count":0,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3465\/revisions"}],"wp:attachment":[{"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brennigjones.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}