"Your electronic statement is now available"-SCAM

I just received an email addressed to a slightly perverted version of my name, with the subject heading "Your electronic statement is now available." It purports to be from Ameritrade:

You can now view the electronic statement for your account(s). Please click
the link below or copy and paste it into your browser to see your statement.

http://get-win [period] biz/?AMERITRADE_ID= [...]

You can also log on to your account and click "History" under the ACCOUNT
drop-down menu. Click the "Statements" tab and select the appropriate month
under the "View statement" drop-down box, then click the "View" button.

http://get-win [period] biz/?AMERITRADE_login= [...]

If you have any questions, please contact an Ameritrade(R) Client Services
representative. We're available 24 hours a day, seven days a week (excluding
market holidays).

If it is not already obvious, the first part of the URL is the part that matters: "get-win" is obviously the sleaziest sort of place you can find. It's embarrassing to admit this, but while attempting to paste the above text I accidentally clicked the link. Instantly I hit [Alt] [F4] to close the browser, but it was too late: it spawned a Trojan horse. Fortunately I had a ghost of my hard drive and rebooted with that. But if I hadn't, my effort to warn people that fire is hot would have led to a computer spewing out the above message to others (under my ISP). Incidentally, the hyperlinks above are dummies. They won't go anywhere.

(Incidentally, the email above made it through MSN Hotmail's spam detector.)

Just out of curiosity I looked up the domain on Whois.org. As you can see, it's a bedroom community in Ohio. Consumer Report's Web Watch features an article on scams using the hook of lottery winnings to lure in credulous consumers.

James Stever, an investigator in the Bond County state attorney’s office, says he has received between four and seven similar scam complaints a week over the last two years.

"Most of these in our area want your bank account number," Stever says. "We’re a small county with eight to 12 banks. We tell them there’s no bank that would call you by the phone or [contact you via the] Internet wanting your account number, as they’ve already got it. We say, ‘If you have any question, call your bank or get a hold of the police.'"

The FTC has also issued a warning about a related lottery scam in which the con artists use the phone, direct mail and e-mail to pitch U.S. consumers opportunities to buy tickets in foreign lotteries – an industry that now rakes in $120 million a year. Even if the tickets are real, the transaction violates federal law, which makes cross-border sales or purchase of lottery tickets subject to a $1,000 fine and up to two years in prison.

But our people at "Ameritrade" are actually more interested in infecting your computer for financial data stored on your hard drive. The Web Watch page lists some of the most common fraud schemes (2004), and financial services scams themselves account for a comparatively small share of complaints.