US Bank phishing attack exposed

EXPOSED!!! Um OK.

I disagree that because people continue to fall for it, it is not common knowledge. People continue to drive over train tracks when the light is blinking also and they continue to burn themselves on hot food. Both are "common knowledge". That does not mean no one ever does it....der.

I work in the fraud department of US Bank and all of the information provided in this video is excellent. Like he stated, banks generally don't send e-mails requesting account information, for security purposes. It's really quite pathetic how many people actually respond to phishing e-mails and texts like those mentioned in the video. Please people, don't be so fucking stupid.

great video, but that's really common knowledge

Obviously it's not common knowledge, since many people continue to be scammed.

lavagolemking is right about link-checking. You should never tell users to look at the source code when link-checking is the main reason for the status-bar's existence (even in email programs). Even popup windows now always appear with a status bar at the bottom (according to default settings).

Finally, going by the appearance of a URL on the rendered page is a big no-no. It could look perfectly normal there yet send you to a malicious site. Use hover & status bar instead!

2/5

Tuesday I have been looking for site that had content on us bank and your site came up. Thanks for the video content!

Good videos but missing a couple things.

Most users won't understand the HTML source, so you should have hovered over the link and emphasized the link target at the bottom.

You didn't explain what a drive-by download is. It means that some program (usually a virus) is automatically loaded when you open the page.

Not all browsers have phishing filters, and not all phishing sites will be detected, since they are based on a blacklist. That shouldn't be your only determination of legitimacy.

4/5

A few years ago, I got some phishing email disguised as eBay and paypal, both of which I use. What tipped me off was they asked for my social security, which obviously neither site needs.

Thanks for taking the time to teach us about these things! I knew enough NOT to click on a link in my email, but wanted to know more. You explained it very well. :)

It's interesting to see what these sites actually look like. But, really, the first tip is the only one you need. If you get an e-mail from your bank or any bank, it's fake unless you specifically requested it. And no bank will ask for you to reconfirm information online. They'd send you a letter and ask you to go to the branch, or phone you to request same. Sadly, the phishers wouldn';t go through the trouble if there weren't many people falling for this scam every day.