Well, the verbiage is more believable, but they haven’t quite figured out how to make a really decent spoof of a web address:
Due to recent account takeovers and unauthorized listings, Capital One is requesting a new account verification procedure. From time to time, randomly selected accounts are placed under an advanced updating process based on merchant accounts / bank relations and on-file credit cards.
We would like to inform you that your Capital One account is currently locked. To unlock your account, you need to confirm your information on file with us by going to:
http://h-74-2-228-70.[covad address redacted]/www.capitalone-online.net/c1/ssh/
Capital One may also request scanned/faxed copies of your photo ID.To speed up the verification process, please update your information within the next 24 hours.
We apologize for any inconvenience this may have caused.
Thank you for using Capital One.
It bears repeating to anyone who gets something like this, even if it looks legit:
- Never click through.
- Go to the company main web page (do it by name, don’t do it from any address on the email), then go to your account information from there.
- Or call the customer service number on the back of the credit card or bank statement.