Jones Meadows Blog

A new blast of “phishing” emails have been sent to owners of Washington Mutual (WaMu) Business Account owners, likely others too. The email subject line is “WAMU corporate customer cervice: official information!” and the body content is included below. This is not being sent by WaMu, but by hackers looking to get your login information. Note the word “cervice” is misspelled, and subjects might arrive with various spellings.

The link in the email appears to be http://treasury-84332232.wamu.com/ibswamu/cmserver/base/default/do.cfm
but the actual hyperlink is
http://treasury-84332232.wamu.com.otterx.co.nz/ibswamu/cmserver/base/default/do.cfm

Please note that the fake address contains the deceptive components to look like wamu.com at first…

Displayed: http://treasury-84332232.wamu.com
Hidden: http://treasury-84332232.wamu.com.otterx.co.nz

Phishing scams make use of websites designed to look like the real login site. They can actually be mirrors of the real site as well, so after you login, you really are into your bank account. Since the hacker hosts the fake login screen, they collect your login information, even if they hand you off tothe real website to prevent your awareness.

I called WaMu’s Internet department, and had a far less than favorable response. Their phone rep didn’t know the difference between an email address and a web address, nor did she understand what a phishing scam was. Long story short, she obviously was terribly uninformed for handling customers on such issues. WaMu has done nothing publicly to warn or inform their customers, but we contacted Channel 5 News and are posting syndications to raise awareness.

Whatever you do, when using email links, ALWAYS check the domain name in the address bar and make sure it is who you expect it to be. Else, navigate to your bank site or login site manually, not by clicking an email link. Always check the security certificate that is presented for SSL and check the owner. If no SSL appears (and http doesn’t change to https), then you have a right to feel insecure.

If you think you have received a scam email, send me the content and I’ll examine it and post feedback. email@phpkemist.com

***** START SCAM EMAIL CONTENT *****

Dear Washington Mutual business online client:

The WAMU Customer Service requests you to complete the Washington Mutual Business Online Client Form.

This procedure is obligatory for all business and corporate clients of Washington Mutual.

Please select the hyperlink and visit the address listed to access the Washington Mutual Business Online Client Form.

http://treasury-84332232.wamu.com/ibswamu/cmserver/base/default/do.cfm

Again, thank you for choosing Washington Mutual for your business needs. We look forward to working with you.

***** Please do not respond to this email *****

This mail is generated by an automated service.
Replies to this mail are not read by WAMU Customer Service or technical support.

***** END SCAM EMAIL CONTENT *****

This entry was posted on Tuesday, June 5th, 2007 at 1:50 pm and is filed under Crime. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.