Got this in my email this morning:
Attn: Financial Manager
Herewith we would like to inform you about the recent amendments in the FDIC insurance coverage.
During the period from 12-31-2010 to 12-31-2012 all the money in a “noninterest-bearing transaction account” are provided with a full insurance coverage by the FDIC. Please note, that this measure is temporary and separate from the FDIC’s general deposit insurance rules.
The term “noninterest-bearing transaction account” includes a traditional checking account or demand deposit account on which no interest is paid.
For more information about this temporary FDIC unlimited coverage, please view the official site [link.] < -redacted Regards, Virginia Sosa. Federal Deposit Insurance Corporation
This is particularly heinous because it preys on the intimidation financial agencies have over the common citizen. We don’t understand the FDIC, how banks work, why the whole stock collapse happened, etc., and these spoof/phish attempts go right for that fear. This email is also employing another behavioral cue: assumption. As humans, we adapt to the level that is presented to us. A familiar case of the social assumption is when you forget a person’s name. You do your best to hide the fact that you can’t remember a name of someone who is so friendly with you. This phish attempt is designed to embarrass the reader into clicking on the link; since the reader is at a loss for sufficient information, the reader will look for more information to ease their uncomfortable state of ignorance.
Here’s a good tip: hover over any link you see in any email. A few seconds of hovering over this [link] would show you that the URL is some random place in .au (Australia), not any .gov websites, nor does the URL even have FDIC in it.
We can’t help but be human. Our social customs and morés sink us sometimes, but they lift us too. Instead, concentrate on educating others on how to judge a link’s validity, and teach them the self-control to ignore obscure links (e.g., the links with shorteners like t.co or goo.gl).
Hover before you click!
By the way, what do you do when you’ve forgotten a person’s name? I’d love some tips…