If you're a phisher, your basic strategy is to convince
the victim that he's talking to some site he
regularly does business with. You can't control
the user's experience when he's talking to the legit
site, so what you do instead is make the experience you
provide as much like the legit site as possible; hence
tools for mirroring the site you're impersonating.
If you're a potential victim of impersonation, you want
to get the user into the habit of not trusting indicia that
the phishers can easily imitate. To that end, you might
want to tell your users not to click on URLs they receive
in e-mail claiming to be from you. Unless, that is, you're
Amazon:
From: Amazon.com Customer Service
Date: 11 Dec 2006 11:42:28 -0800
Subject: Payment for Your Amazon.com Order (#ORDER-NUMBER-HERE)
To: ekr@rtfm.com
Cc: payment-update@amazon.com

Greetings from Amazon.com.

We're writing to let you know that we are having difficulty processing your Visa (exp. YYYY/MM). We will try charging your credit card again shortly.

It is not necessary to place a new order, but you may want to review the payment information for your order and make sure it is correct and current. To do this:

1. Go to our home page (www.amazon.com) then click "Your Account" on the top right menu.

2. Choose the option "Change payment method" (found under "View by Order" in the "Where's My Stuff" box).

3. After you sign in, you will see all your current open orders. You can click the "View or change order" button beside any order and make changes.

4. Click "Change" button in the "Payment Information" box beside "Payment Method." At this point, you may review your current payment method, choose a different payment method, or enter a new one.

Thanks for shopping at Amazon.com.

Sincerely,

Amazon.com Customer Service
http://www.amazon.com/

Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.
Now, this mail was sent in plaintext (i.e., text/plain),
so there aren't any links in it. (Though you could of course get caught by cutting
and pasting out of the message.) Unfortunately, Gmail decided
to help me out and turned everything that looks like a domain name or URL
into a link. Now, as it happens I
had screwed up something with my credit card and this
isn't a phishing message, but it just as easily could have been.
For extra credit, if you put an HTML link in your message whose
visible text is one address but whose target is a different location,
Gmail will display it exactly like the links it auto-formats. Outstanding!