Monday, 26 January 2009

Not just the good guys

This phishing email arrived in my account the other day

Dear Valued Client
Due to security reasons we will want you to confirm your access details by clicking on the verfiy my account details link below

This is due to the fact that a recent review of your account by our security team shows that the use of your account might have been compromised. for security reasons we will want you to verify your account information withing 24 hours

Verify My account Details

Failure to do this will lead to restricted access to your account for security reason.

Sorry for the inconviences

Bad grammar and spelling mistakes - 'verfiy', 'withing','inconviences'

Whilst I was thinking about this, Joe Strazzere posted an example of his own of a phishing phailure.

Almost comforting to know that the bad guys are having the same problems as us but I did wonder about how they operate...
Do they have specs ?
Argue about waterfall or agile ?
Do their testers write test plans, regression tests, run performance tests on their fake sites ?
Is the testing outsourced ?
( waiting for an " I have to test phishing emails pls hlp " posting on SQA Forums )

Is there a crime overlord somewhere pounding a desk with his fist wanting to know why testing didn't find the bugs that me and Joe found ?


Claro said...

Even? I'd have said "especially". Somehow I doubt if their bosses have the cuddliest set of HR processes.

Simon Godfrey said...

Me and Joe, or Joe and I? ;-)

Philk said...

I hate writing blogs that testers read, they are SO picky :(

Joe said...

Great minds think alike!

Paul said...

As long as they keep littering their messages with spelling errors they'll be easy to spot.

Problem is when these errors fall to a level that is indistinguishable from the generally poor standard that is most e-content nowadays.

Of course, no bank ever sends out email! :)