Here is the full text of an email message I received Wednesday morning:
To: [as usual, not my address]
Sent: Wednesday, January 06, 2010 9:26 AM
Subject: Your Money Transfer Control Number: 590575482
Thank you for using the Western Union Money Transfer®.
Your money transfer has been authorized and is now available for pick up by the receiver.
Transfers to certain destinations may be subject to further delay or additional restrictions.
Your Money Transfer Control Number [MTCN] is: 590575482
Please use this number for any inquiries.
Date of Order: Wed, 6 Jan 2010 16:26:48 +0100
Amount Sent: $94.50
You can cancel this transfer by using the hyperlink below:
http://wumt.westernunion.com/WUCOMWEB/transactions/HomePage/cancel.php?session=&mtcn=590575482&summ=94.50&date=Wed, 6 Jan 2010 16:26:48 +0100
Thank you for using Western Union!
DO NOT REPLY TO THIS EMAIL.
I knew right away this was a phishing email. If I didn’t have these articles to write, I would have deleted it without even looking at the message itself.
Usually, when we think of “phishing,” the first thing that comes to mind is an urgent message that appears to be from a financial institution, instructing us to visit a website and log in to “verify” our account information. This results in revealing personal and account information to someone who will use it for theft (financial, identity or both).
This is a different tactic: make the recipient think a withdrawal is about to be made from their account, and hope they panic and click the link to cancel the transaction.
There is a distinct advantage to this method: when you send a message that claims to come from a financial institution, you usually have to pick one, which limits your potential victims.
For example, if you send out a million messages that look like they came from Chase or HSBC, 90% of your potential victims don’t have accounts at the institution you picked. They recognize it as phishing right away (and will likely recognize your next attempt as such, even if you happen to pick an institution they have a relationship with).
With this Western Union attempt (and its direct ancestor, the PayPal Phishing Email), they take advantage of the fact that anyone can use Western Union. You don’t have to have an account with any particular institution to wire money this way.
Now, I’ve never used Western Union. In fact, at my previous job as a bank teller several years ago (!), I completely weaseled my way out of learning how to use their new Western Union machine, because it arrived during my last two weeks on the job and I didn’t feel like getting into it. Yes, I told them that.
However, a quick look at their website tells me you can wire money online, and I’d be willing to bet that the text of this phishing email is directly taken from a legitimate Western Union message. In fact, the text of the message uses a real website (wumt.westernunion.com).
The thing is, if you look at where the link actually takes you (it’s not the same as the text in the message), it’s a website hosted at “wumt.westernunion.com.yhe3essr.com.pl.” This is a classic phishing-style URL. Like I said, I’ve never used Western Union, and I don’t know much about them. However, I know this much: they’re not based out of Poland (.pl).
I wonder what happens if you follow that link—does it try to steal personal information, or does it install malicious software (or both)? I sort of wish I had a junk computer to try it out on. I’d probably just enter rude words in all the “name” and “address” fields.
I’m sure this message has been received by thousands of people already. It’s trickier than the usual “verify your information” attempt, and I’m sure the success rate will be much higher, unfortunately.
As usual, though, there are lots of telltale signs that something isn’t quite right. When you get these messages, just take a moment to relax and think about it, and you’ll be fine.