As reported in several support.com blog posts, a "phisher" is a hacker who primarily uses bogus emails to trick consumers into giving up personal information. To help consumers avoid being snared by phisher tricks, we publish real-world examples. A real-world example arrived yesterday, in the guise of a Bank of America email (for some reason, Bank of America is a popular phishing ruse). In this case our corporate spam filter correctly blocked the email... I manually let the email through to inspect and publish for support.com blog reader benefit.
In this case, the email claimed to be a Customer Survey that, if filled out, would result in a $50 reward. The phishers did the simple things - linking to a Bank of America logo - to make the email look official. They also included a blurb that said the email might end up in a SPAM/BULK folder (which it should - it is a bogus email) in the hope that the consumer will let the email through.
How did I know this was a phishing attempt? Here are a few reasons:
- my corporate SPAM filter correctly blocked it - 95% of the time that's a bona fide red flag
- I'm not a Bank of America customer - so the odds they'd be surveying me are low
- there is at least one typo in the email... can you catch it? (hint: "input" is spelled incorrectly...) for some reason phishers - for all their clever tricks - can't spell
- the survey is attached to the email as an .html document (the document format that defines web pages) - a bona fide survey would be a legitimate link to the Bank of America website, not an attachment

Now don't try this at home (remember, we're professionals). I did what you should never do - I opened the attachment. Here is what I saw:

If all of the other warning signs didn't grab you, this form should. Bright red flashing warning - a survey would never (let me repeat that: never) ask for personal information like your Social Security Number or ATM number (and PIN!). At this point you are probably saying - come on now - would anyone fall for that? (And yet again the phishers, in their haste to trick people, make simple mistakes - Bank of America in the email is now "MidAmerica Bank" in the first survey question!)
Alas, many people do. So please help us help you and your friends by taking a moment to share this real-world example of how to avoid phishing fiends. The computing world will be a better place if we can drive the scammers off the Internet.
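For mail administrators, three of the warning signs above (an .html attachment, a form asking for SSN/ATM/PIN, and a bank name that changes between email and survey) can be checked automatically. The sketch below is an added example, not part of the original post or any support.com tool; the pattern list, flag names and sample message are assumptions constructed from the post's description.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed pattern list: data a customer survey has no reason to collect.
SENSITIVE = re.compile(r"social\s*security|\bssn\b|\bpin\b|\batm\b", re.I)

class FormScanner(HTMLParser):
    """Records whether a <form> exists and gathers field names and visible text."""
    def __init__(self):
        super().__init__()
        self.has_form, self.text = False, []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.has_form = True
        elif tag in ("input", "select", "textarea"):
            self.text.append(dict(attrs).get("name") or "")
    def handle_data(self, data):
        self.text.append(data)

def red_flags(msg, claimed_brand):
    """Return the warning signs from the post that apply to msg's attachments."""
    flags = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".html", ".htm")):
            continue
        flags.append("html-attachment")
        content = part.get_content()
        if isinstance(content, bytes):  # HTML sent under a non-text MIME type
            content = content.decode("utf-8", "replace")
        scanner = FormScanner()
        scanner.feed(content)
        body = " ".join(scanner.text)
        if scanner.has_form and SENSITIVE.search(body):
            flags.append("form-asks-for-sensitive-data")
        if claimed_brand.lower() not in body.lower():
            flags.append("brand-mismatch")  # heuristic: attachment never names the brand
    return flags

def build_sample():
    """Constructed message modelled on the post's description; not the real email."""
    msg = EmailMessage()
    msg["Subject"] = "Bank of America Customer Survey"
    msg.set_content("Complete the attached survey to receive your $50 reward.")
    html = ('<form method="post"><p>How long have you used MidAmerica Bank?</p>'
            '<input name="q1"><p>Social Security Number</p><input name="ssn">'
            '<p>ATM card number and PIN</p><input name="pin" type="password"></form>')
    msg.add_attachment(html, subtype="html", filename="survey.html")
    return msg
```

Calling `red_flags(build_sample(), "Bank of America")` reports all three signs; a message with no HTML attachment returns an empty list.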

Posted Oct 25 2009, 10:52 PM by jamesm@support.com