About five minutes later, I got this email:
URGENT: Confirmation of Recent Transaction
Your Account Ending in XXXX
Dear Patricia Beadles:
As part of our ongoing effort to protect your account and our
relationship, we monitor your account for possible fraudulent
activity. We need to confirm that you or someone authorized to use
your account made the following transaction on your XXXXXX Visa
account ending in XXXX:
Transaction for $XX.XX at XXXXXXXXXXXXXXXXXXXXXX was approved on or
around 04/29/2010 in ALEXANDRIA, VA United States.
Please click on one of the two statements below to indicate if this
transaction was authorized:
(Transaction Authorized) (Transaction NOT Authorized)
Seeing as how I'm a suspicious netizen, I ran this through all of the sanity checks I could think of-- they provided me with accurate information about the transaction, sent it to the email address I would expect, and the links went to my bank's website. I clicked "Transaction Authorized", and all was right with the world. (Final sanity check: the destination site didn't ask me for any information.)
I *think* I like the fact that they're using email for this, but I wonder how many of these get flagged by automated systems as phishing attempts? Does this make people less suspicious of phishing?