Thursday, October 28, 2010

Just Open the Attachment!

It's been awhile since I've received any good spam. (Regular readers will know that I am always appreciative of well-done, thoughtful spamming, spoofing, or phishing, and disdainful of the slapdash, half-hearted efforts that seem to clog my inbox these days. Does no one take pride in his work anymore? See here and here for past expositions on the subject.)

What came today isn't especially good, spam-wise, but it earns points in the Chutzpah category, for coming right out and suggesting I download an attachment to the e-mail. ("Hey, you know all that stuff about never downloading anything from someone you don't know? Nevermind.")

Anyhow, here's the missive, carrying the provocative subject line "Your account was accesed by a third party" and purportedly coming from HSBC Bank plc. (alert@hsbc-online.co.uk) (one of my numerous European bank accounts, no doubt. So numerous that I lose track of them all the time):


    Dear Customer,

    We detected irregular activity on your HSBC
    Internet banking account on 26/10/2010.

    For your protection, you must verify this
    activity before you can continue using your
    account.

    Please download the document attached to this
    email to review your account activity.

    We will review the activity on your account
    with you and upon verification,

    and we will remove any restrictions placed on
    your account.


    If you choose to ignore our request, you leave us no choise
    but to temporaly suspend your account.

    We ask that you allow at least 72 hours for the case to be
    investigated and we strongly recommend to verefy (sic) your
    account in that time.

    Best Regards,
    Colette Nugent
    Head of Customer Communications

    © Copyright HSBC Holdings plc 2010 - All rights reserved


The attachment (which I somehow have not gotten around to downloading) is cleverly called "Verify.html." Seems a little odd to me that an alleged review of my account activity would be in an html document. But then it seems a little odd that they would e-mail me such a thing in the first place. Considering I'm not a customer or anything.

Another oddity: The (sic) in the above message, after the misspelled "verefy"? They put that there! I have no idea why. Nor do I know why they failed to add (sic) after the equally misspelled "choise."

In general, however, this is a pretty average bit of flummery...no graphics, no seemingly legit links, nothing really of interest at all except the damn-the-torpedoes suggestion that I just go right ahead and click on that attachment right there. Hey, what's the worst that can happen, right?