Stoopid phishing
Paul C. Anagnostopoulos
26th August 2007, 06:26 PM
So I just received an email supposedly from Bank of America. My email ISP was clever enough to mark it as spam. It's a phishing expedition at 69.233.156.21.
As you may know, BoA employs a "SiteKey" to verify their login page. If you don't see a particular image that you selected when you registered with them, then you know it's a bogus login page. These phishers obviously realized this, because at the top of the email appears:
Remember: Always look for your SiteKey before you enter your passcode during Sign In »
And yet, when you visit their link, there is, of course, no SiteKey on the login page.
Are they stoopid, or is this some kind of psychological ploy that I don't understand?
~~ Paul
The_Animus
26th August 2007, 09:30 PM
Yeah. Mine wasn't for the Bank of America. It was for one of my credit cards. Citi, I believe. In the e-mail, which looked quite authentic, they have warnings about people trying to steal your information and that you should be careful and if you have questions to call this number.
I think they put that in there because some people, if they see that, assume it must be real because a scammer wouldn't tell them to be careful. So it lulls some people into a false sense of security and they simply assume it's real and don't check, whereas if that information wasn't there they might think it more likely to be a scam and check.
Paul C. Anagnostopoulos
27th August 2007, 06:29 AM
"I think they put that in there because some people, if they see that, assume it must be real because a scammer wouldn't tell them to be careful."
So the reader notices how authentic the email looks, even down to reminding them about the SiteKey. Then, 10 seconds later, they visit the site, instantly forget about the SiteKey, and blithely enter their personal information.
So it is a psychological ploy, based on the fact that many people apparently have some kind of attention deficit disorder.
~~ Paul
JonnyFive
27th August 2007, 07:20 AM
I too use BoA for my banking, and so I'm familiar with their "SiteKey" technology. It always struck me as being a fairly simple, elegant way to mitigate "phishing" attempts.
That's pretty goddamn funny, actually. :D
I get a lot of junk email telling me I've won something, or I need to log on for something. I really don't mind too much; my "delete" finger gets itchy if left unused.
Beady
27th August 2007, 09:10 AM
Another phishing scheme I see: every couple of months I get an email asking to know how much the shipping charge is to wherever, for eBay item #whatever. The first time I saw it, my impulse was to tell the sender they got the wrong address, I wasn't selling anything on eBay. Luckily, my brain clicked in before my fingers could go to work.
© 2001-2008, James Randi Educational Foundation. All Rights Reserved.