[log in to unmask] wrote:
> I received this one the other day. I was suspicious because I do not deal
> with this bank. I forwarded a copy to them and they confirmed it was not
> sent by them. I assume the attempt was to get my bank login & pin. Very
> nasty scam!
>
> >>Dear Customer
> >>
> >>This message is from HSBC Bank Canada, to inform you
> >>that we had updated our anti-fraud system to prevent
> >>frequent fraud attempts. At this moment we need you to
> >>reactivate your account due to software security updates.
> >>All accounts that haven't been reactivated will be placed
> >>on hold.
> >>
> >>To verify your account, please visit the HSBC Bank Canada
> >>website at https://www1.hsbc.ca/nav/pib/en
> >>
> >>We appreciate your business. It's truly our
> >>pleasure to serve you.
> >>
> >>HSBC Bank Canada Customer Care
> >>
> >>This email is for notification only. To contact us,
> >>please log into your account and send a Bank Mail.
>
>
> Gary nolan

Gone phishing......

Google for 'phishing', which is what this sort of scam is called.

Is that URL for the real HSBC site? It sure looks real, and Googling for HSBC Canada leads to a page with that reference on, though clicking it gives you the page with menu bars, and hence no opportunity to look at the source (unless there's a keystroke sequence I don't know.

<option value="https://www1.hsbc.ca/nav/pib/en/" selected>Personal Internet Banking</option>

The usual trick with 'phishing' URLs is to quote the real URL followed by a bunch of stuff that you think is just subfolders, or a customer id or somesuch.

But actually, it's HTML for 'Hey that stuff upfront is just a comment; the 'real' site I want you to send him to is....' (generally somewhere deep in Russia, but heavily disguised with HTML character substitution tricks.

Ugly.....

Roy Brown

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *