Time for a Phisher to Step Up Their Game

So, earlier this week, I got this stupid email:
Date: Tue, 9 Dec 2014 10:01:34 +0300
To: [me]
From: Walmart <dcumbest@onsite-us.com>
Reply-To: Walmart <dcumbest@onsite-us.com>
Subject: Order Confirmation
walmart-spam
The text, which is ridiculously small in the HTML presentation shown in the screen capture above, is as follows:
Online shop Walmart received an order, whose recipient is you. The order can be picked in any local store of our network. Please, keep in mind, that you have only 4 days to reserve your order. Detailed order information can be found here. Walmart 2014 Wal-Mart Stores, Inc.
Now, I know Arkansas (Walmart - or is it Wal-Mart - 's home) is not renowned for a high ranking among the states with regard to education. However, I would assume their marketing email would have slightly less stilted English, as well as being consistent in how they spell the corporate name. Now, given that:
  1. I have never shopped for anything on Walmart's website - or "online shop Walmart".
  2. This email from "Walmart" or "Wal-Mart" is from a "dcumbest@onsite-us.com", even though I think Walmart is big enough to have at least one email domain with a name resembling the company's name.
  3. I have never known any store to allow you to place an order for in-store pickup without choosing the specific store where delivery will be made, since it is kind of nice actually to have the item in the store's inventory when you go to pick it up.
  4. Four days seems an awfully short time "to reserve your order".
  5. The closing "copyright notice" neglects to include a "©" before the year and misspells the corporate name.
  6. There are the odd random acts of using commas.
How likely do you think it is that I am going to click on any link in the email? I wonder if the clueless phisher responsible for this is in some way related to the even more clueless phisher who sends emails from the "US Postal Service" stating that there is a package to pick up at any post office (because, of course, the USPS doesn't deliver to your address by default, and it doesn't matter which location you go to obtain the package), and includes "news headlines from the BBC" at the bottom.
Come on, guys. At least spend a little time researching how the organizations you are terribly attempting to spoof work.

Comments

Post a Comment

Popular posts from this blog

Using KeePass with Dropbox for Cross-Platform Password Management

Image
As I have been creating new accounts for myself on multiple websites in recent months, I have been taking lessons from the widely-reported story from August 2012 of how Gizmodo contributor Mat Honan's multiple accounts with shared passwords had been hacked . I have used different, lengthy passwords with multiple randomly-generated characters for each site. However, such lengthy passwords are impossible for me to remember, and I would not want to use the even less secure method of writing all of them down. I had heard multiple computer security experts recommend using such different, randomly-generated passwords and storing them in a password store which would require remembering only one master password. Ideally, for greater security, a key file would be used for the encrypted password store. In seeking out such a password store that was free, open source, and available across multiple platforms, I came across KeePass . The site's download page has the Windows download, as w
Read more

Visiting CareLink Site on OS X Mavericks

Image
Here is a tip for people who fall into the same small category as myself. If you use a Medtronic insulin pump, use the CareLink site to store your pump history, use a Mac, and are running OS X Mavericks for a time - short , I hope - after I write this post, you will run into the problem that I ran into when I first attempted to upload my pump data after upgrading to Mavericks. You will get an error page stating, Unfortunately, the configuration of your PC or web browser is not compatible with our standard system requirements. This is because the only OS X versions supported are "MacOSX 10.5 (Intel), MacOSX 10.6/10.7/10.8". Unfortunately, Mavericks is version 10.9. Unlike the logic for the browser, which recognized that my Firefox 24.0 met the Firefox 5 requirement, the OS check does not appear to allow for future versions. The workaround that I am using, for now, is to use the Firefox User Agent Switcher plugin. After installing the plugin and restarting Firefo
Read more

Website FINALLY Adapted to Apple Silicon

Back in March, I took advantage of a sale at Costco, advanced the inevitable update, and bought a blue-colored iMac. With its Apple M1 chip , after reinstalling essential packages using Homebrew , I had to make multiple changes to the Apache and Tomcat server configurations to allow my website, and the Tomcat server serving the biking weather suitability forecast application, to work properly again. Since these explorations - including a dead end trying to switch from using Apache to Nginx for the web server, given what seems to be the trend and the latter's apparent strength being reverse proxy work - were done very sporadically, it took me until this month finally to get it right. One thing I am glad I did relatively early in the process was to make the new configuration folders git repositories, so I could review the history of document changes and, more importantly, reverse them if needed. This was done using the following steps for the Apache (httpd) folder: cd /
Read more