Daily Archives: November 25, 2008

A simple test to see if the email you are getting is a case of fraud/phishing

I got this email this morning. It looks very legitimate:

Dear Capital One Bank customer,

We recently reviewed your account, and suspect that your Capital One Online Banking account may have been accessed from an unauthorized computer. This may be due to changes in your IP address or location. Protecting the security of your account and of the Capital One Bank network is our primary concern.

We are asking you to immediately login and report any unnoticed password changes, unauthorized withdrawals or deposits, and check you account profile to make sure no changes have been made.

To protect your account please follow the instructions below:

* DO NOT SHARE YOUR PASSWORD WITH OTHER USERS

* LOG OFF AFTER USING YOUR ONLINE ACCOUNT

Please click the following link, to verify your account activity:

https://onlinebanking.capitalone.com/capitalone/login.aspx

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintaining the integrity of the entire Capital One Bank system. Please login as soon as possible.

Thank you,
Capital One Bank Security Advisor.

Unlike a lot of obvious fraud, this one looked pretty legitimate. Still, I was suspicious. So I did a little test.

I ran my mouse over the hyperlink (the “https” part) and looked at the status area at the bottom left of my screen. What I saw was that the hyperlink does not go to “https://onlinebanking….” but to another address (“http://70-46-123-20.wpb.fdn.com/CapitalOne/index.php”), which appears to have no connection to the Capital One web site. (Plus, it is a non-secure PHP page as opposed to a secure ASP page, making it even more suspicious.)

So, I marked it as spam and notified Capital One.

If you were to try to log in to this fake site, they would have your userid and password and they would rip you off.

So beware.

P.S. I missed this earlier, but there was also a typo: “you account profile”. Typos are a good sign of phishing too.