Saturday, January 3, 2015

Capital One Phishing

They left out something important for me, and I run Linux, so ha ha!  Still, they got hold of email accounts, so I think Cap One has been breached, and although I marked it as gmail spam, it got through as a zero day attack.  I signed into my account and there is no such alert, and I notified them.

8:34 AM

Capital One

 Account Alert: Service Validation.

Dear Valued Holder,

As requested, We're writing to make sure you're aware of a NEW change in security procedure for all account holders.Your profile and billing information needs to be validated.

Kindly follow the ONE-TIME action below in order to opt with our recent security improvement. By passing back and forth private information that only you and us know, you can feel even more secure with your online access experience. We recognize you and you recognize us.

To continue, we have sent you an attached HTML Web Page.

See e-mail attachedweb page
Download and save it
Open the attached web page
Get started by confirming your informations

Online Customer Center. 

Further thoughts:  If nobody else reports this, then it could be a high-quality 'Spear Phishing' attack aimed at me, since I mention Cap 1 in my blog.  On the other hand, they would know it was useless.  :)

No comments: