Last night in email, I received a phishing request - "spam with attitude" - in the form of an email containing a link to a supposedly secure website of a bank, in this case, Regions Bank.
The request was for updating my information; the guise was that a system malfunction had forced Regions Bank to email their customers in order to verify personal details. My first clue that this was a classic phishing scam, aside from the fact that I'm not a customer of the Regions Bank, was the overall tone of the email: they sounded very desperate to get my information - the tone of the email felt entirely wrong. While the link in the phishy email looked legitimate (https://online.regions.com/ibsregions/cmserver/users/default/confirm.cfm), as I hovered my pointer over the address link located in the email, the link's true address was revealed to me in the status bar at the bottom of the email message: http://66.134.248.132/r/. The address shown in the status bar clearly did not correspond with the secure address in the email.
The second clue was that the entire email was actually an image (see below) and no matter where I clicked, I would be directed to a page designed to sucker me out of my personal information, including my ATM PIN number. Viewed in an HTML-capable email application such as Mozilla, Thunderbird, Outlook and others, the message simply looked like a well-formatted email from the bank. Only problem was that it was sent by criminals bent on gathering information from unsuspecting recipients.
To find out where the rabbit hole went, I decided to click on the unfamiliar link. This is not recommended behavior for any users of unpatched versions of Internet Explorer and/or Microsoft Outlook - clicking on unfamiliar links using these applications can be downright hazardous to your data, so do not try this at home.
Here is the deceptive image contained in the email I received
In fact, while probing http://66.134.248.132 further, I discovered that http://66.134.248.132/w/ contained a web page designed to look like a legitimate Washington Mutual web site, with completely illegitimate requests for personal and private financial information.
Phishing scams are not new, but they are getting slightly more sophisticated. By staying informed of the various methods by which malicious individuals may attempt to acquire personal information from you via the Internet, you can protect yourself from being duped by an Internet con artist. No one will ever ask you for your PIN via e-mail. Don't fall for it.
Be careful. If you feel unsure - don't disclose any information via the Internet. Pick up the phone and verify.
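
The two clues described in the post (a displayed address that differs from the link's real target, and a message body that is one clickable image pointing at a bare IP address) can be checked mechanically by a mail filter. The following is an added example, not part of the original post; the rule names, function names and sample messages are assumptions made for illustration, and the samples use a documentation IP address and an example domain.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse
class AnchorCollector(HTMLParser):
    """Record href, visible text and image content for each <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._open = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "text": "", "img": False}
        elif tag == "img" and self._open is not None:
            self._open["img"] = True
    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append(self._open)
            self._open = None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_links(html_body):
    """Return (rule, href) findings for the link tricks described in the post."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for a in collector.anchors:
        host = urlparse(a["href"]).hostname or ""
        text = a["text"].strip()
        shown_host = urlparse(text).hostname if "://" in text else None
        if is_ip_literal(host):                  # raw IP where a bank domain is expected
            findings.append(("ip-literal-host", a["href"]))
        if shown_host and shown_host != host:    # displayed URL differs from real target
            findings.append(("text-href-mismatch", a["href"]))
        if a["img"] and not text:                # the whole clickable area is a picture
            findings.append(("image-only-link", a["href"]))
    return findings

# Constructed samples: documentation address and example domain, not the post's values.
IMAGE_MAIL = '<body><a href="http://192.0.2.10/r/"><img src="cid:notice.gif"></a></body>'
TEXT_MAIL = '<a href="http://192.0.2.10/r/">https://online.bank.example/confirm.cfm</a>'
```

When the address the reader sees is painted inside the image, as in the message described above, there is no link text to compare, so only the image-only and IP-literal rules fire; the mismatch rule covers the variant where the fake address is real anchor text.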
Macintouch has a collection of user submitted stories regarding security issues with eBay. It appears some users are receiving e-mails that look as if they are sent by eBay, requesting confidential financial information. E-mail isn't the only way of gathering this info, though: fake websites that look nearly identical to real eBay web pages have been known to spring up, as well.
Vmyths.com, a popular and regularly updated site dedicated to debunking internet myths and hoaxes since 1995, will no longer be updated. Rob Rosenberger, the founder of the online resource, is deploying to the Persian Gulf. Among other things, advertising revenue decline is cited as the cause of the closure.
The jdbgmgr.exe hoax is raising its head again. If you haven't heard of this one, the jdbgmgr.exe "virus" implies that a file on your system is infected but results in the removal of a very important system file.
More information on this hoax can be found here:
Symantec
Network Associates
F-Secure
and, if you did delete jdbgmgr.exe:
Microsoft's jdbgmgr.exe Knowledge Base article