Microsoft brought that online experience to the real world, by recreating two online scams in Manhattan. The first scam was a fake bank, called the Greater Offshore, that saw dozens of customers walk in on its first day of business. These customers gladly shared personal information including credit card numbers, SSNs, ATM pin numbers and samples for DNA tests with the (fake) bank clerk.

The second fake store was an inheritance store, created after the infamous Nigerian online scam which tries to lure people into the trap by making them believe they could get a lot of money easily by parting with just a bit.

Again New Yorkers parted willingly with their personal information. In the end, they were told that the store was created to prove a point, to avoid sharing information online with websites and services that are not trustworthy.

Web browsers, like Internet Explorer which was advertised in the end, aid Internet users by automatically blocking known threats and displaying warning messages.

But Internet browsers and other security software can only help in specific situations, the most powerful defense against online threats is, common sense.

Then again, who would have thought that Microsoft would have created a bank for a day?

Once there the site again seems like an exact copy of the original site. They probably offer lots of links that are the same but the login page always does not log you into the original site but collects your user data. Sometimes you receive an error message telling you that your login data was incorrect. At the same time you are redirected to the real homepage and everything will be working as usual.

I knew of bank phishing pages, eBay phishing pages but amazon phishing pages have been new to me. Take a look at this site if you like, do not enter your real data there !

The most obvious reason this site is fake is that its url is http://secure.amazon.com.dec11es.com/ which is not the amazon.com url but one of dec11es.com.

Second the amazon login page is always a site secured with ssl, it could look like this https://www.amazon.com/..

And thirdly the complete second line (the blue one) is empty whereas the orginal amazon one has searches and other stuff located there.

The interesting part is the analysis of the mail. He dissects every part of the message and of course takes a look at the email header as well. The analysis ends with an advice (which he puts at the beginning of his essay) which should be common sense nowadays.

1. You need effective technology to protect you from the many unscrupulous people out there on the Internet who want to damage your systems, scam you or generally subvert your computing resources for their own ends.

2. Security via technology alone is not sufficient to combat the cyber criminals who are out to get you, your business, and your computers. You need to be aware of what is going on around you and take control of the situation before you are compromised. Just as Ignorance of the law is no excuse, ignorance of your computing environment can also land you in deep trouble.

My personal suggestion for you is to switch to a secure email program if you are still using Microsoft outlook. Mozilla Thunderbird, Opera Email and many others are not attacked that often and have better options to improve security.

The suggestions that follow are all important, back then and today as well. Kissel suggests to turn of JavaScript to block that attack vector, block the loading of remote elements like images which can for instance be used for tracking purposes or expoits, use secure connections via SSL when retrieving and sending email, and viewing emails only in plain text and not HTML.