Today, I received the following email:
This communication was sent to safeguard your account against any
Max Federal Credit Union is aware of new phishing e-mails
that are circulating. These e-mails request consumers to click
a link due to a compromise of a credit card account.
You should not respond to this message.
For your security we have deactivate your card.
How to activate your card
Call +1 (800)-xxx-9629
Our automated system allows you to quickly activate your card
Card activation will take approximately one minute to complete.
Of course, I don't have an account with Max Federal Credit Union and this is obviously a phish. Notice that the English is quite right:
"For your security we have deactivate your card." and "You should not respond to this message." doesn't make sense in context.
What's more interesting is that the message itself warns you about phishing emails and asks you to call an 800 number.
If you call the 800 number an electronic voice reminds you again to never give your PIN, password or SSN in email and then proceeds to ask you for the card number, PIN, expiry date and CVV2. The assumption is that you've been warned twice not to do something in email, so it's OK by phone.
It's painful to see the phisher use the existence of phishing as a way to phish.