When it Comes to Phishing, is Honesty the Best Policy?

Those of us in the anti-spam business have been scratching our heads as the number of messages getting through some of the best spam filters has jumped in recent weeks. Many of these messages are phishing attempts with something in common.

The phishing messages do not attempt to hide their motive.

Huh?

That’s right. Most of each message is classic phishing: realistic-sounding text (often without the grammatical issues) about account validation requirements, plus legitimate links to a real institution’s web sites. The “action” link, however, is not hidden. Recipients can see that the link goes to some weird URL that in no way looks like it belongs to the organization supposedly sending the message.

Since spam filters are on the lookout for obfuscated URLs, having the URLs in the open seems to let the phishing messages fly just under the radar.
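As an added illustration (not code from the original post or from any real spam filter), the sketch below contrasts the classic check, where the visible link text names a different host than the `href`, with a check for the pattern described above: a link shown in the clear whose domain differs from the sender's domain while most other links in the message match it. The function names, the sample message and its domains are all hypothetical, and the two-label domain comparison is a simplifying assumption.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; the domains are placeholders, not taken from a real message.
SAMPLE = (
    '<a href="https://www.examplebank.test/">Example Bank</a> '
    '<a href="https://www.examplebank.test/privacy">Privacy</a> '
    '<a href="http://login.odd-host.example/verify">http://login.odd-host.example/verify</a>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(url):
    # Assumption: last two host labels stand in for the registrable domain.
    # Production code should consult the Public Suffix List instead.
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def classify_links(html, from_domain):
    """Return hrefs flagged as 'obfuscated' (classic) or 'odd_one_out' (in the open)."""
    parser = LinkCollector()
    parser.feed(html)
    brand = base_domain(from_domain)
    counts = Counter(base_domain(href) for href, _ in parser.links)
    result = {"obfuscated": [], "odd_one_out": []}
    for href, text in parser.links:
        target = base_domain(href)
        shown = base_domain(text) if "." in text and " " not in text else None
        if shown and shown != target:
            result["obfuscated"].append(href)   # text shows one host, href goes to another
        elif target != brand and counts[brand] > counts[target]:
            result["odd_one_out"].append(href)  # nothing hidden, but unlike the rest of the message
    return result

if __name__ == "__main__":
    print(classify_links(SAMPLE, "examplebank.test"))
```

On the sample, the classic check finds nothing, because the action link's text and target agree; only the comparison against the sender's domain flags it.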

And clearly, those behind the phishing attack believe that enough recipients will click on the bad URL even though it doesn’t even look safe. And the sad fact is, they are probably right.

Recipient Beware.