Just got phishing spam from bad guys pretending to the Bank of Ireland. Here’s the email:
If you are fooled into clicking the link, you are redirected to:
The “obfusticated” prevents anyone from actually going to the bad site, and protects the wordpress user whose website (“obfusticated.com”) has been compromised. For what it’s worth, I’ve done my best to warn the individual involved that there is a problem at their website.
The gateway page is below. It looks very official, but don’t let that fool you. It’s a fake.
Then you get to give the criminals your login PIN:
The malicious code appears to fail the first time and makes you re-enter the data. It doesn’t matter what you put in the second time, you’ll advance to the next page:
Please be aware: BANKS WILL NEVER DO THIS. NEVER GIVE OUT SENSITIVE INFORMATION BY EMAIL OR ON THE WEB.
Next you are asked to hand the criminals your credit card password.
Once they have your data – or in my case, a whole raft of obscenities – you are redirected to the real Bank of Ireland website.
If you have a WordPress blog (or any other website) please make sure you are using strong passwords. If bad guys get in, they can park malicious code in your web space and direct their victims there, not to mention steal whatever valuable data is there.
Never give out sensitive financial information over the web. If you suspect your accounts have truly been compromised or locked, call your bank directly and ask for verification.
Be careful out there.
The Old Wolf has spoken.