I’m seeing an uptick in the number of e-mails that are trying to gather financial information by posing as services that check or protect your security. This morning I got this one:

At U.S Bank, we take security and privacy very seriously. In order to provide additional security for your online transactions, we have introduced some new important security standards and browser requirements. We need to check your computer system for compatibility with our new standards.

Confidentiality of your records is maintained in several ways, all data transmissions between your computer and our data center are encrypted. All messages sent to us are not decrypted until they are inside our firewall.

In order to check if your computer system is compatible with our new security standards, please login to your account.

Yeah, right.

The URL that they provide starts with the IP address (, which always makes me suspicious. It’s the Korean Web site (supposedly) of a used industrial machinery online marketplace. Hmmm.

Then, a few minutes later, I got another message spoofing U. S. Bank. Weird.

For anyone who doesn’t know, NEVER reply to these.

Update: Coincidentaly, the BBC has an article that places this all in context:

Spam is subtly shifting from nuisance to illegality, says a new report from security firm Clearswift….

In the early days, spam was dominated by pornography but these days an opened junk e-mail is far more likely to be offering a miracle diet than an invitation to view porn….

While porn is languishing at just 4.8% of spam, compared to 21.8% at the same time last year, financial and pharmaceutical spam now makes up nearly 70% of spam….

For criminals, spam provides the perfect cover to direct people to disreputable websites without being traced.

Known as web-phishing, spam directing people to seemingly legitimate sites in order to steal credit card details and other personal information is on the rise.

[To the tune of Moby, “Honey,” from the album Play.]