spf-discuss

RE: No use of checking RFC2822 headers

2004-09-28 07:00:16
Roger Moser wrote:
<html><body>
Click here:
<a href="http://www.phisher.com">https://www.bankofamerica.com</a>
</body></html>
------snip-------
For those who don't have Outlook, this is what Outlook Express
displays:
From:    support@bankofamerica.com
Date:    Tuesday, September 28, 2004 9:53 AM
To:      you@example.com
Subject: Account verification
Click here: https://www.bankofamerica.com

This is yesterday's news. What you describe here has been the workhorse
of phishers for years. However, it catches fewer and fewer marks as time
passes (as the masses get slowly educated).

Although there will always be a few to fall for it, the focus is
shifting to much more sophisticated ways to fool the potential mark into
thinking that the mail is legit.

A while ago I demonstrated the authentic fake security seal: go to
http://arneill-py.sacramento.ca.us/ and move your mouse over the yellow
padlock that says "Point to verify". Nice, isn't it? Well, it's 100%
bogus (it's a parody of www.trustlogo.com). In a small informal test,
the majority of non-geeks said that the legit one was mine and
trustlogo's the fake (partly because of the fingerprint graphics, partly
because the javascript code moves it, partly because it worked with
Opera).

It is clear that a good anti-phishing server software should, as well as
checking SPF records, also look into matters such as what you mentioned.

Michel.
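The check Michel asks for at the end (looking at the message body, not only the SPF result) can be done on the HTML Roger quoted: flag any anchor whose visible text is itself a URL but names a different host than the real href. The following is an added example written for this thread, not code from either poster or from any SPF tool; the phishing snippet is Roger's, the benign anchor and the function names are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None   # href of the <a> currently open, else None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None
            self._text = []


def host_of(s, assume_http=False):
    """Lowercased hostname of a URL with a leading 'www.' dropped, or None.

    Visible link text often omits the scheme, so assume_http=True lets
    'www.example.com' be parsed; an href without a scheme is relative
    (or mailto:) and yields None so it is never compared."""
    if "://" not in s:
        if not assume_http:
            return None
        s = "http://" + s
    host = urlparse(s).hostname
    if not host:
        return None
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def looks_like_url(text):
    t = text.strip().lower()
    return t.startswith(("http://", "https://", "www."))


def find_mismatched_links(html):
    """Return one finding per anchor whose displayed URL and real target
    point at different hosts; plain-word link text is ignored."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        if not looks_like_url(text):
            continue
        shown = host_of(text, assume_http=True)
        actual = host_of(href)
        if shown and actual and shown != actual:
            findings.append({"shown": shown, "actual": actual,
                             "href": href, "text": text})
    return findings


# Roger's snippet from the thread, with the archive's stray ';' removed.
PHISH = """<html><body>
Click here:
<a href="http://www.phisher.com">https://www.bankofamerica.com</a>
</body></html>"""

# Constructed benign body: link text matches the target host.
BENIGN = """<html><body>
<a href="https://www.bankofamerica.com/">www.bankofamerica.com</a>
<a href="https://www.bankofamerica.com/help">contact us</a>
</body></html>"""

if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("benign", BENIGN)):
        print(name, find_mismatched_links(body))
```

The comparison deliberately ignores anchors whose text is an ordinary phrase ("Click here"), since those are not deceptive in this sense; it also strips only a leading "www.", so a legitimate link from one subdomain to another of the same organisation would still be reported and a real filter would want a registrable-domain comparison there.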