New Phishing Tactic

Listener Hugh sent me this information.

Thought this might be of interest. The mail tells the user they need to
install a security certificate. I haven’t seen this angle before. Of
course I didn’t follow the link. It probably loads a keylogger, adds you
to a botnet, and gets your dog pregnant.

The message looks like this:

WACHOVIA CORPORATION NOTICE.

At Wachovia we’ve re-imagined what’s possible for online cash management.
The next step in the transformation of Wachovia Connection is access through a new Wachovia Security Plus Certificate.
This will allow you to access securely the Wachovia Connection and other online services.
All users will be notified and must manually install the Wachovia Security Plus Certificate.
Installation takes about two minutes.

Start installation process now>>

Sincerely, Danny Erickson.
2008 Wachovia Corporation.
All rights reserved.

Server certificates are served automatically and part of the appeal of web applications versus client-server. If they have changed or upgraded their server certificate, it should be almost entirely seamless to their customers. You should never have to explicitly install a certificate like this.

So requesting an installation of software, even just a “security plus certificate” is strike one. Including a direct link in the email is strike two.

All phishing attacks have in common that they are trying to fool you into clicking a link without paying attention to its actual destination, to fool you into using a site that looks legitimate but is not. Banks know this full well these days. Typical, real instructions will simply request you to access their site directly, as you usually do. They will place security announcements in a prominent place, they never rely on emails with links to distribute critical security information.

I have searched around for information on this email. Most of it seems to be anecdotal, threads on mailing lists and online fora. The consensus is it is bogus, which is a pretty easy conclusion to draw based on the reasons I’ve explained here.

Odds are also good that this email is propagating through some other means than a legitimate Wachovia customer list. I have received phishing emails from banks of which I am not a customer. If that is true of you and Wachovia, you don’t need to go any further.

Thanks for the heads up, Hugh!

One Reply to “New Phishing Tactic”

  1. Here’s another variant targeting Google Ad Words.

    Attention GOOGLE ADWORDS Customers!

    For certain services, such as our advertising programs, we request 128-bit SSL security information which we maintain in encrypted form on secure servers.
    We take appropriate security measures to protect against unauthorized access to our unauthorized alteration, disclosure or destruction of data.
    Please download latest SSL protection certificate

    Read more>>

    Unprotected browsers will not be able to Log in after September 30, 2008
    Sincerely, Olen Acosta.

    2008 Google Adwords, Developing new services.

Leave a Reply

Your email address will not be published. Required fields are marked *