I just got an identity theft lure via e-mail today:
Dear_ Citibank Cardholders,
This EMAIL was se-nt by-the Citibank server to
veerify your_ _EMAIL address_.
You must cptleome this pcseors by clicking on_the_link
beloww and enntering in the litlle window_ your CITI_bank
Atm_ card number and _PIN that _you use on_the Atm machine.
That is done for-your poterction -w- becouse some_of our
memebrs no lgoenr have acecss to their email adesedsrs
and we must verify it.
To veerify your _e-mail_ addres and accees your CITI_bank
account, click on_the link _bellow_.
Of course it looks completely fake (what bank would send out official email like this with so many misspellings?) yet American consumers lost $5 billion last year to ID theft [Public Enemy No. 1: Identity Theft, Wired 12.02, pp. 44-45].
There may be some good news. The latest IE 6 patch released by Microsoft this week disables the http(s)://username:password@server/resource.ext syntax in URLs. They shoulda done that years ago.