This showed up in a business email account yesterday. Please note, I don’t have an acccount with US Bank, and the “To:” field has an address that is not mine. (click the image to enlarge)
When you click on the “Login Here” link, if you’re silly enough to do so, this is what you get:
Biggest red flag: the web page you just got redirected to is not usbank.com but rather “http://judybruce.com/obfusticated/usbank.secure.account/” (Judy Bruce is an author, and for some reason her web page has been compromised by malefactors. I have done my best to notify her so she can get this infestation cleaned out.)
Followed by a request for your password:
But wait, there’s more!
Really, people? You’re just going to give out your sensitive financial information to some random mailer on the internet?
But hey, if you’re going to do that, you might as well give the crooks access to your email account as well:
Please be careful out there. A bank will never ask you to provide sensitive information of this nature via email or on the web. If you have doubts or questions, contact your financial institution directly before providing any information.
Please protect yourselves and your vulnerable loved ones.
The Old Wolf has spoken.