Is This A Scam?

When something sounds too good to be true, it usually is. Less than 3 1/2 hours after receiving my first ever payment through PayPal, I received a message through that same E-mail address from what appears to be a phishing scheme. It's probably just a coincidence that this message was sent so soon after doing business with one of the sponsors of this blog, because my PayPal E-mail address, while very new, is also embedded in Web pages for a PayPal button on a Web site that has had more than 3,400 visitors in the week since I placed the button on those Web pages. Any one of those visitors (which includes bots) could have harvested my PayPal E-mail address.

From: WaMu [customer@email-wamu.com]
Sent: Thu 3/8/2007 10:51 PM
Subj: Washington Mutual OnlineSM $20 Reward Survey.

Dear Valued Customer,

CONGRATULATIONS !!!

You have been chosen by the Washington Mutual online department to take part in our quick and easy 5 question survey. In return we will credit $20 to your account - Just for your time!

Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service.
The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party groups.
It will be stored in our secure database for maximum of 3 days while we process the results of this nationwide survey.

We kindly ask you to spare two minutes of your time in taking part with this unique offer!

To Continue click on the link below:

http://www.wamu.com/secure/online.wamu.com/IdentityManagement/index.html?Washington-Mutual-survey

Many Thanks and Kind Regards - Washington Mutual Bank Customer Department

A few notes are in order:

1. The domain, email-wamu.com, supposedly their customer service address, doesn't exist.

2. I'm not a Washington Mutual bank customer, nor have I ever been one.

3. The time sent precedes the time received by more than six hours (Recv: Fri 3/9/2007 5:04 AM PST), which means their system clock is either way off or else they initiated the E-mail in the time zone that includes Guam and the eastern-most parts of Asia and Australia.

4. The clickable link in the E-mail (I removed this when I pasted it into this blog post) actually contains the following URL:

http://72.18.74.130/wamu20/online.wamu.com/IdentityManagement

While it appears that the domain is WaMu.com (Washington Mutual, a legitimate bank), that's not where the browser will open the Web page, because the IP address is used for the URL. Therefore, the browser won't use the DNS server to find the current IP address of WaMu.com. It will open the default Web page in the wamu20/online.wamu.com/IdentityManagement directory on the Web server at the 72.18.74.130 IP address. That IP address belongs to TexLink Communications (TexLink.com), which is a Texas communications carrier for small and medium businesses. No doubt the scammers have an account on TexLink's Web server.

This is one of those times when we receive the warning, "Don't click on the links in an E-mail from someone you don't know!" and we should heed that warning.