phishing attempt: hey bank, don't help, OK?

[da]

I received a phishing email at work from my bank (TD) which used a url-redirector at THE REAL BANK'S WEBSITE to get to the fake site.

That is: www.tdcanadatrust·com/servlet/infosite.servlet.OutBoundServlet?RequestedPage=phishing·url/urgent_verifying/update.inf

Thunderbird didn't think it was phishing. The destination URL originally went to a copy of the bank's site; two hours later, it was deactivated by the host, and Firefox warns it is a phishing attempt.

The bank hasn't deactivated the redirector. I'm curious how long it will stay active. They should be pretty embarrassed; this isn't rocket-science, and there's no reason you should be able to pull crap like this.

Comments

[da-lj.livejournal.com]

Latest:


Thank you for contacting TD Canada Trust regarding the recent EasyWeb
security concern. As the person responsible to resolve this matter, I
apologize for the delayed response, however, I want to assure you we take
this matter extremely seriously. We have completed our investigation and
we have dedicated the appropriate resources to resolve it.

At TD Canada Trust, we take security very seriously and work vigilantly to
protect our systems and customer information. The EasyWeb Security
Guarantee is there to assist our customers in the unlikely event account
losses occur as a result of unauthorized online banking activity.

Daniel, thank you again for bringing this matter to our attention. We
value your feedback and appreciate the time you have taken to contact us.
If you have any further questions or concerns, please contact me directly.


Peter Prescott
Manager, Channel Operations
e.Bank, Internet Banking
TD Canada Trust