Phishing emails are generally pretty boring: they dress themselves up to look like something they are not, such as a bank, hide links to evil sites that will steal your data, and that’s the end of it.
Flickr phishing.
Google Apps (Gmail) handles my email for me and kindly puts up an unmissable red warning when it thinks an email is phishing.
Today I received such an email ‘welcoming’ me to Flickr. I can see how it would suck in many naive email users.
I took a look at the source code, to see who was trying to steal my information this time. And laughed out loud. These phishers have a sense of humour.
Shady images
Here are some of the image filenames — very ‘shady’:
- email_shady_background.png
- email_shady_bottom_left.png
- email_shady_bottom_slice.png
- email_shady_bottom_right.png
Creative links
Each link went to a different domain name, and the main bad guys appear to be in Russia and Romania. But look at these gorgeous links — I’ve replaced each actual domain name with example.com below:
<a href="http://example.com/hysterical.html">account</a> information.
<a href="http://example.com/interfere.html">Add a buddy icon</a>
<a href="http://example.com/tallness.html">Upload your first photos</a>
<a href="http://example.com/nightly.html">Find your friends</a>
You can <a href="http://example.com/gustav.html">customize these emails</a> or <a href="http://example.com/reselects.html">turn them off</a> at any time.
read our informative <a href="http://example.com/chickadee.html">FAQs</a> or <a href="http://example.com/quiz.html">take the magical feature tour</a>.
You can always <a href="http://example.com/eyepieces.html">customize these emails or turn them off</a>
<a href="http://example.com/analyticities.html">Terms of Service</a> and <a href="http://example.com/deluded.html">Privacy Policy</a> and the Flickr <a href="http://example.com/terrify.html">Community Guidelines</a>
We look forward to seeing the world through your eyes!
My favourites are the last two: the deluded Privacy Policy and the terrifying Community Guidelines.
The truth of it
Oh, and just at the end, this incredibly truthful statement: We look forward to seeing the world through your eyes!
These phishers obviously take a lot of pride and pleasure in their work. I’m glad they’ve also given those of us who know a bit about HTML coding something to have fun with too.





Thanks Miraz, I needed a good laugh.
I haven’t received any phishing emails in a long time, but I used to get them from PayPal a couple/three times a day. Just hovering over any links in the emails (without clicking on them) usually tells you in the status line of your browser exactly where you’ll wind up if you do click them. It’s unfortunate the average Internet user doesn’t think of doing so to ensure they’re not being taken for a ride.