Like just about everyone, I receive loads of predictable phishing e-mails that (hopefully) make it into my spam bucket. But I was intrigued by the following message that I happened upon when perusing my spam messages:
From: "Linda Evans"
To: david.fraser@XXXXXX.com
Date: Monday, June 20, 2011 2:10 PM
Subject: David f*** [redacted] you!!Remove your f****** [redacted] comment from my profile , I AM NOT YOUR BITCH!
Do I even know you?
Remove it : http://www.facebook.com/profile.php?id=100000456101822
If you dont , I will report you to Facebook and get your account suspended!!!
The link went to a page that appeared to be the Facebook login page but was hosted on some other website, which would capture your password.
I am sure that this will become a routine phishing method, but will probably catch a few folks who haven't seen it before.
I would like to suggest something that should be implemented in all e-mail programs and all browsers: If there is some text that looks like a link between the <a> and </a> HTML tags that doesn't correspond to the actual URL that the link leads to, a warning should appear saying
"It looks like you're clicking on a link that goes to YYY but you're actually going to ZZZ. That doesn't sound good. Are you sure you want do do this?"
I wonder how many phishing attacks could be prevented with this simple change?
