[icon] Strangely, not a phishing attempt - Patti
View:Recent Entries.
View:Archive.
View:Friends.
View:Profile.
View:Website (pattib.org).

Security:
Subject:Strangely, not a phishing attempt
Time:02:26 pm
This morning I made six identical small transactions on a credit card in the space of about ten minutes. There was a good reason for it, but I thought there was a good chance that the credit card company would flag it as suspicious, and I expected that my phone would ring.

About five minutes later, I got this email:
URGENT: Confirmation of Recent Transaction
Your Account Ending in XXXX

Dear Patricia Beadles:

As part of our ongoing effort to protect your account and our
relationship, we monitor your account for possible fraudulent
activity. We need to confirm that you or someone authorized to use
your account made the following transaction on your XXXXXX Visa
account ending in XXXX:

Transaction for $XX.XX at XXXXXXXXXXXXXXXXXXXXXX was approved on or
around 04/29/2010 in ALEXANDRIA, VA United States.

Please click on one of the two statements below to indicate if this
transaction was authorized:

(Transaction Authorized) (Transaction NOT Authorized)

Seeing as how I'm a suspicious netizen, I ran this through all of the sanity checks I could think of-- they provided me with accurate information about the transaction, sent it to the email address I would expect, and the links went to my bank's website. I clicked "Transaction Authorized", and all was right with the world. (Final sanity check: the destination site didn't ask me for any information.)

I *think* I like the fact that they're using email for this, but I wonder how many of these get flagged by automated systems as phishing attempts? Does this make people less suspicious of phishing?


adbjupe
Time:2010-04-29 09:46 pm (UTC)
Was there an option to call them instead?
Or at least a contact phone number?

There's a good chance that I would have called in, if the html decoding would have proven a bit complex.

Sensitive information on an unauthenticated postcard, but you know that of course
(Reply) (Thread)


adbjupe
Time:2010-04-29 09:47 pm (UTC)
Lol, on the other hand, they knew about Patricia!
(Reply) (Parent) (Thread)


whipartist
Time:2010-04-29 09:49 pm (UTC)
Yes, they offered a phone number.

Once I clicked through, they also offered me the opportunity to use text messages for fraud alerts. I didn't go down that path though.
(Reply) (Parent) (Thread)


yayhappens
Time:2010-04-30 04:08 am (UTC)
I would have preferred that they let me know I had a message in my inbox on the banking site specifically, or to call them.

I don't know if the link I click via email to actually authorize the transaction will lead to an https when sending the information across the intarwab just because the rollover url says that it will. Even if it isn't technically necessary, I get really paranoid like that.

The only reason I wouldn't be so suspicious about it is because of the successive transactions. If it were out of the blue, I'd totally be futzing with checking the email headers for routes and everything! lol
(Reply) (Thread)


whipartist
Time:2010-04-30 05:11 am (UTC)
I do know that the link is going to https when the URL says it is. It's just the basic technology of the way the web works.

I *do* check headers, hand-inspect URLs, etc.
(Reply) (Parent) (Thread)


evwhore
Time:2010-04-30 06:15 pm (UTC)
Yeah, better would be "please login to your account to confirm this transaction or something" and then having people learn the practice of not following the links in email and typing in the site name themselves.
(Reply) (Thread)
