Phishing emails are generally pretty boring: they dress themselves up to look like something they are not, such as a bank, hide links to evil sites that will steal your data, and that’s the end of it.
Google Apps (Gmail) handles my email for me and kindly puts up an unmissable red warning when it thinks an email is phishing.
Today I received such an email ‘welcoming’ me to Flickr. I can see how it would suck in many naive email users.
I took a look at the source code, to see who was trying to steal my information this time. And laughed out loud. These phishers have a sense of humour.
Here are some of the image filenames — very ‘shady’:
Each link went to a different domain name, and the main bad guys appear to be in Russia and Romania. But look at these gorgeous links — I’ve replaced each actual domain name with
<a href="http://example.com/hysterical.html">account</a> information.
<a href="http://example.com/interfere.html">Add a buddy icon</a>
<a href="http://example.com/tallness.html">Upload your first photos</a>
<a href="http://example.com/nightly.html">Find your friends</a>
You can <a href="http://example.com/gustav.html">customize these emails</a> or <a href="http://example.com/reselects.html">turn them off</a> at any time.
read our informative <a href="http://example.com/chickadee.html">FAQs</a> or <a href="http://example.com/quiz.html">take the magical feature tour</a>.
You can always <a href="http://example.com/eyepieces.html">customize these emails or turn them off</a>
My favourites are the last two: the
terrifying Community Guidelines.
The truth of it
Oh, and just at the end, this incredibly truthful statement:
We look forward to seeing the world through your eyes!
These phishers obvious take a lot of pride and pleasure in their work. I’m glad they’ve also given those of us who know a bit about HTML coding something to have fun with too.