Phishing: Fraud via email

Phishing is a type of fraud where someone attempts to obtain information about you that might be used to defraud you financially or otherwise.  I recently received the following email:

[Image: phish1 (19K), the email as received]

Although this may look legitimate, it is in fact a fraud.  The apparent email above uses a number of very advanced tricks to take a user who clicks on the link to a web site that looks real but is in fact fraudulent.  At the fraudulent web site you would be asked to enter your credit card numbers, PIN numbers, and other identification.  This information would go not to the bank but rather to criminal elements who would use your financial data to charge items to your credit card, withdraw cash from your accounts, and essentially steal your financial identity.

The core of the ruse is somewhat technical, but the above email is not what it appears to be.  The text is a single Graphics Interchange Format (GIF) file, a picture.  When one clicks on what looks like a link, one is actually clicking on a picture.  The blank area at the top actually has text in it, but the text is colored white.  Selecting the text will reveal it:

[Image: phish2 (20K), the same email with the white text selected]

This is random text included to help get the email past the spam filters that some people use.

When someone clicks on the image, they are not sent to fleet.com at all.  The actual destination is specified by what is termed an obfuscated URL.  This is another complex technique, but if you were to see the address all you would see is:

[Image: phish3 (2K), the address as displayed]

At first glance this looks all right, but inside a computer it apparently translates to:

[Image: phish4 (1K), the address as translated]

A word of immediate caution: do not try to go to either of these addresses.  Although most phishing sites are actually only up for a day or two before authorities get them shut down, one should still not attempt to access them.  They could contain programming that steals information from your computer or installs programs that can spy on you as you work on the computer or even damage your files.  The above two pseudo-URLs are images and you could not click to launch them even if you tried.  My own research suggests that this is indeed the case - the source of the above fraud was identified on 29 March 2004 and the underlying sites have been shut down.  It appears the fraudulent site might have been in Italy.
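
The three tricks described above (a body that is a single linked picture, white filler text, and a link address that hides its real destination) can each be checked for mechanically by a mail filter. The following Python sketch is an added example, not part of the original article; the sample message is constructed, and the obfuscation forms it tests (text before an @ in the address, percent escapes, a purely numeric host) are assumptions, since the article shows its addresses only as images.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample (reserved example.com / 192.0.2.0/24 values), not the real message.
SAMPLE_HTML = """<html><body bgcolor="#FFFFFF">
<font color="#FFFFFF">harvest window quiet marble seven lantern</font>
<a href="http://www.example.com%2Elogin@192.0.2.10/verify"><img src="notice.gif"></a>
</body></html>"""
# White text colour (a white page background is assumed); "background-color" is ignored.
WHITE = re.compile(r"(?<![-\w])color\s*:\s*(#fff(fff)?|white)\s*(;|$)", re.I)
NUMERIC = re.compile(r"(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}", re.I)

def url_flags(href):
    """Reasons the host a browser contacts may differ from what the link suggests."""
    authority = urlsplit(href).netloc
    _, at, hostport = authority.rpartition("@")  # text before '@' is userinfo, not the host
    checks = {
        "userinfo-before-@": bool(at),
        "percent-encoded-authority": "%" in authority,
        "numeric-host": bool(NUMERIC.fullmatch(hostport.split(":")[0])),
    }
    return [name for name, hit in checks.items() if hit]

class PhishScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.href, self.text, self.img = [], None, "", False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if WHITE.search(f"color:{a.get('color') or ''};{a.get('style') or ''}"):
            self.findings.append("white-text")
        if tag == "a":
            self.href, self.text, self.img = a.get("href") or "", "", False
        elif tag == "img" and self.href is not None:
            self.img = True
    def handle_data(self, data):
        if self.href is not None:
            self.text += data.strip()  # visible link text, if any
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            if self.img and not self.text:
                self.findings.append("image-only-link")
            self.findings += url_flags(self.href)
            self.href = None

def scan(html):
    parser = PhishScan()
    parser.feed(html)
    return parser.findings
```
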

How do you prevent yourself from becoming a victim of such a fraud?  My advice is to never enter your name, usernames, passwords, or other such information into either an email or a web site you reached by clicking on a link in an email.  Access any financial sites you utilize by entering the web address manually: type it into your browser address window.  If you are working with financial information, any screen on which you enter data must begin with https://.  Note the s: it means you are working on a secure server and are sending information to that server in an encrypted format.

Phishing is a complex form of online fraud and many people have been duped by it.  There are very intelligent people out there trying to think of new ways to separate you from your money.  The Internet is not the safe neighborhood that it once was and we all have to learn more in order to remain safe online.
