you might as well do it right

Got a nice little note in my inbox this morning — “Comerika” bank wanted me to “update my profile” on their website. OK, might as well give it a quick look for amusement purposes.

“Please log in.” No account with them, of course, but hey, they just want account numbers anyway, so now I’m Tess Trueheart and my Mastercard number is 5397066542341103. My account is still “unverifyed”. And there was a nice little warning on the right side:

Account Protection Tips: Verify that the Web address you see above starts with: https://webbanking.comerica.com

I can’t decide whether they’re deliberately selecting for the very most gullible/illiterate people or if they’re just incredibly lazy/stupid themselves. Picking on the ones who don’t read it carefully is actually a pretty good idea, since, if someone has persistently avoided every warning about phishing and identity theft for the past couple years, and doesn’t bother to read “Account Protection Tips”, then they’re probably either not going to notice someone else maxing out their card, or they’re not going to know what to do about it.

As evidence for “lazy and stupid”: Other than the (reasonably good) mockup of Comerica’s *actual* login screen, they didn’t bother to copy any of the other text available. So, clicking the link for, say, the “privacy commitment and identity theft” loads it directly from comerica.com. Seems like a nice way to make it easy for Comerica to track them down pretty much instantly — no need to wait for people to complain about fraud and then admit that yes, they did “update” all their credit cards online because they got a friendly email saying they needed to. Then again, any given attempt, faked site and all, really only has to work once.
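The detection this implies, as an added example that is not part of the original post: when a copied login page links to the real site's pages, the visitor's browser normally sends the fake page's address in the Referer header, so the real site's access log names the phishing host. The log format, paths, hosts and IP addresses below are constructed for illustration, and the first-party allow-list is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Domains that legitimately link to our own pages (assumed allow-list).
FIRST_PARTY = ("comerica.com",)

# Combined log format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def is_first_party(host):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FIRST_PARTY)

def foreign_referers(lines):
    """Map each off-site referring host to the (client IP, path) pairs it sent."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ref = m["referer"]
        if ref in ("", "-"):
            continue  # no Referer sent, nothing to attribute
        host = urlsplit(ref).hostname
        if host and not is_first_party(host):
            hits[host].add((m["ip"], m["path"]))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up hosts and paths).
T = "[01/Jan/2000:09:14:02 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {T} "GET /privacy HTTP/1.1" 200 5120 "https://webbanking.comerica.com/login" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "GET /privacy HTTP/1.1" 200 5120 "http://comerika.example/update.php" "Mozilla/5.0"',
    f'198.51.100.8 - - {T} "GET /identity-theft HTTP/1.1" 200 7300 "http://comerika.example/update.php" "Mozilla/5.0"',
    # Lookalike host that merely contains the real domain as a prefix.
    f'203.0.113.5 - - {T} "GET /privacy HTTP/1.1" 200 5120 "http://webbanking.comerica.com.login.example/" "Mozilla/5.0"',
    f'192.0.2.11 - - {T} "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, seen in sorted(foreign_referers(SAMPLE).items()):
        print(f"{host}: {len(seen)} off-site click(s) -> {sorted(seen)}")
```

On real logs the allow-list also needs search engines and partner sites, and each client IP that arrived from a flagged host is a customer who likely saw the fake page.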

Maybe that should be part of the application process for getting a credit card, at least online: an email that says “Sir, we’d like you to go to this website and activate your new card by typing in the name on the account and the number and the expiration date. You did it? Okay, thank you, the card’s cancelled because we’re tired of people falling for that.”
