Full text:

From: American Bankers Association
Date: Tuesday, January 26, 2010 7:41 AM
To: [incorrect address]
Subject: An unauthorized transaction billed from your bank card

An unauthorized transaction billed from your bank card.

Amount of transaction: $4939.02
Transaction ID: 398-0919604

Please review the transaction report by clicking the link below:

get the transaction report

———
Letter ID 5220-3934725346-65909286289-61670943682-28564758046-54608776360-66971173579

As usual, the way to respond to this message (assuming you’re not a fraud blogger) is to just delete it after you read the subject line. It’s a fairly obvious phishing attempt, from the disguised link to the large amount of the alleged transaction (which is supposed to make you panic and react without thinking).

The words “get the transaction report” contain a link to a site hosted at “getreport.aba.com.gertfdv.am” (as usual, don’t you even dare visit the site!). Now, I don’t know everything about the ABA, but I know this: their website is not hosted in Armenia (“.am”).

I also know another thing about the American Bankers Association: they don’t issue fraud alerts or unauthorized transaction reports to individual bank customers. Notice how it just says “bank card,” without specifying exactly which bank’s card has supposedly been compromised. That’s one of the top five warning signs of phishing.

If you receive the above message or anything similar, it is a phishing attack and you should delete it right away. And keep your cursor away from that link!