Michael J. Radwin

Tales of a software engineer who keeps kosher and hates the web.

Would you believe an ID phishing scam like this?

I just got an identity theft lure via e-mail today:

Dear_ Citibank Cardholders,

This EMAIL was se-nt by-the Citibank server to

veerify your_ _EMAIL address_.

You must cptleome this pcseors by clicking on_the_link

beloww and enntering in the litlle window_ your CITI_bank

Atm_ card number and _PIN that _you use on_the Atm machine.

That is done for-your poterction -w- becouse some_of our

memebrs no lgoenr have acecss to their email adesedsrs

and we must verify it.


To veerify your _e-mail_ addres and accees your CITI_bank

account, click on_the link _bellow_.


Of course it looks completely fake (what bank would send out official email like this with so many misspellings?) yet American consumers lost $5 billion last year to ID theft [Public Enemy No. 1: Identity Theft, Wired 12.02, pp. 44-45].

There may be some good news. The latest IE 6 patch released by Microsoft this week disables the http(s)://username:password@server/resource.ext syntax in URLs. They shoulda done that years ago.