Phish: The Next Generation
I received an e-mail today, nominally from Sprint, but you never know:
Dear Valued Sprint Customer,
At Sprint, our focus is making sure that we always provide you with the highest level of service. Therefore, our policy is to send you emails only with your permission. Click here if you'd like to continue receiving email communications regarding account information, special offers and product updates. Remember that Sprint respects your privacy and will never share, sell, or rent your email address to any third parties.
Whether your current Sprint Service Plan is for personal or business use, we believe that email is the most efficient and environmentally friendly way to communicate with you. If you do not respond to this message, you will no longer receive emails from Sprint (unless you later provide us with your permission). This does not apply to online invoice notifications.
Thank you,
Sprint Customer Service
So I think: This is the future of the phish scam. A two-parter. Much as the Nigerian scam seeks a response, the phuture phish will send out opt-in notifications like this one. When the user clicks okay, acknowledging that he or she is a customer of the company in question, the "company" comes back sometime in the near future with an audit e-mail or one of the common phish scams.
The scam will target only users who have acknowledged that they have an offline relationship with the company whose logo appears in the scam, and the user will expect legitimate e-mail from that company because he or she has told it that he or she wants its e-mail.
It's slick, it's elegant, and it's coming....
(Added to the Outside the Beltway Traffic Jam.)