Brian Krebs from the WP explains "one of the 'best' phishing attacks" he's ever seen. This one is a very legit looking website, it claims to be related to the "Verified by Visa" program and uses a valid SSL certificate to appear even more realistic. Check out the screenshots as a sample.
The *real* site is here: https://www.mtnamerica.org/,
Note the WashPost article didn't even get the real website correct, stating the Mountain America site is here:
MountainAmerica.net (see the WashPost article).
The phishing site was setup at: Mountain - America.net [without the spaces]
With all this confusion about the location and address of the true site, it's no wonder end users can be confused.
One other interesting note, a Mountain America bank was robbed back in 2003 the old fashioned way -- by two people on foot, wearing hoods, holding a bag. The security cameras got their pictures. Seems pretty stone-age to be robbing banks on foot -- given so many people are robbing from the bath-robe (if that's what phishers wear).
