Resurgence of old school phishing?
mrm at medicine.wisc.edu
Fri Mar 12 16:43:42 GMT 2010
I've been seeing an increase in the old school type of phishing where a link provided does not go to where the user is led to believe. MS was always great at catching these in the past, but recently some have been slipping through. I don't know if what I'm seeing is anything new or not, but I don't know enough about MS's phishing detection engine to determine what to do about this at this point. The ones that are getting through contain something like this:
validate your account by CLICKING HERE <some lame url>
and the "CLICKING HERE" portion ends up being clickable. I always thought to create an html link you needed an href. Something like:
validate you account by <a href="some lame url">CLICKING HERE</a>
I'm really not sure how the email client knows what portion is clickable in the first example, but 3 separate clients all do the same thing. Has this always been the case? Does MS account for it?
More information about the MailScanner