The URL mismatch that seemed like a sure thing to us was showing the reader "https" but really linking to "http"!
Believe it or not major financial institutions send mail with these fraudulent (I would say) links. Very sad. OK, well, then say as long as the https and http links go to the same *domain* maybe it's just an ill-advised redirect. Surely if they go to totally different domains something must be wrong. No. We log them. Here are some samples from yesterday, below. "..." for long identifier strings. I handpicked these for variety. There are actually many phishing messages especially for paypal.com and some banks. Says https://email.citicards.com Links to http://info.citibank.com/... #real bank Says https://web.da-us.citibank.com/... Linsk to http://www.makrasrealestate.com/... #phishing Says https://newsletters.1105pubs.com/... Links to http://www.1105newsletters.com/... #legit? Says https://www.gotomeeting.com/... Links to http://www.itmpi-journal.com/... #legit? Says https://www.hsbcdirect.com/... Links to http://ebusiness.hsbcusa.com/... #real bank Says https://online.lloydstsb.co.uk/... Links to http://dundonaldbluebell.com/... #phishing Says https://www.paypal.com/... Links to http://0x94f57182/www.paypal.com/... #phishing! Says https://www.wellsfargo.com/... Links to http://teplomer.spb.ru/... #phishing Says https://www.downeysavings.com/... LInks to http://smtp.faith-sol-tech.com/... #phishing Says https://www.regonline.com/... Links to http://www.maildogmanager.com/... #legit? Says https://www.moviemaker.com/... Links to http://rs6.net/... #legit Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology
