© 2008 Alastair Revell
There is a particularly nasty phishing scam in circulation, which has been reported on by Tom Young of Computing (6th February 2007).
Apparently, the scam involves an email with a (fraudulent) link to an "as yet" unnamed British bank. Most such links in this sort of scam email actually point to an address that is different to that of the bank's real web site. It may be very similar to the real thing, but nonetheless, it is different.
Although such links are often in text and frequently look like the real thing, most email clients will reveal the true target address of the link when the mouse is hovered over it.
This new scam manages to appear to be targeting the correct web site, even under close scrutiny, but actually redirects the user to a fraudulent site.
I would strongly advise people to always manually type in the address of web links received in unexpected emails that cannot be verified as having come from the stated sender, rather than just glibly clicking on them.
I would also encourage email users who need to send unexpected emails (especially those with links or attachments) to colleagues to mention some form of "shared interaction" in the opening preamble of their emails.
The sort of thing I mean by "shared interaction" is a reference to an earlier email or meeting or some other event that both parties know about and would be difficult for someone else to forge.
Most scam emails are automated, so it would be nigh on impossible to include this sort of detail. In some respects, the traditional "Further to my letter of ..." type of opening to standard written correspondence is particularly useful in this context. It is natural and unobtrusive, but reassures the reader that the writer is who they say they are!