So Identity Theft and this whole phishing thing have been around for a while. Like long enough that everyone should be aware that those people from Nigeria (or wherever, but it’s easy to pick on Nigeria) keep trying to get us to log into American Express, or Wachovia, or wherever, but it’s really their site. And they accomplish this in various ways, mostly by making the hyperlink text in an email look like a legitimate email and/or making the clickable link look like it contains the domain of the company they are trying to spoof. So you’d think a company wouldn’t make their own legitimate emails look like a phishing attempt. Ha! Apparently it’s the thing to do now.
I got an email from AIG and I opened it in Thunderbird and Thunderbird immediately flagged it as spam. I perused the email, realizing it was legit. Then they include a hyperlink to their retirement stuff. The hyperlink text is AIGRetirement.com. The underlying link itself, this beautiful masterpiece: http://aigcorpebus.com/a/hBIrB6zANSb$NB7SKw7AYMHoh.B7SWBZc7/retirement
I’m pretty sure “How to be a lame ass Phisher 101” says make your text look like a real link but the actual link looks nothing like it. Then Phishing 102 says pick a URL that could pass as legit but actually really isn’t by including the name of the company in it (i.e. aigcorpebus.com). You’d think they would have just made the URL AIGRetirement.com.
So I then go, maybe I should let AIG know this looks extremely shady. So I go to contact them to let them know. I’m not asking any account info, but their contact form wants to know my account info! Why? That just seems like a bad thing to ask when you’re not asking an account related question.
So overall, AIG gets a thumbs down from me on their overall online department. I’m attaching a copy of my email as an image with the hyperlink in the status bar of the window that was captured so you can all see for yourself.
