2005jun14. Like I was saying about that anti-phishing scheme. I finally received some phishing email from the good people at Not Really PayPal, Not By A Long Shot:
“Telephonically.” Hahahaha. The ”link below” looks to be a Paypal address, but if you check the source code in HTML it goes to a completely different domain ending in “info.” Two things:We recently have determined that different computers have logged into your PayPal account, and multiple password failures were present before the login. One of our Customer Service employees has already tryed to telephonically reach you. As our employee did not manage to reach you, this email has been sent to your notice.
Therefore your account has been temporary suspended. We need you to confirm your identity in order to regain full privileges of your account.
If this is not completed by June 17, 2005, we reserve the right to terminate all privileges of your account indefinitly, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.
To confirm your identity please follow the link below:
1) The domain includes a “user” ID, so if I did go and provide them with false information, they’d still have confirmation that the email address they sent it to worked. From there, I would expect to get even more phishing email ’cause hey, “we got a live one.” So that would be one reason not to follow up and create a false entry.
2) Google’s email beta, Gmail, does not allow you to switch from “basic html” or “standard” (really browser-happy html) to plain text. I’ve been using plain text in email for the last, oh, ninety kabillion years, and I don’t think I’ve missed anything that html-enabled mail can provide, you know, like uniquely-named images so spammers can see if I’m a “live one,” or as in this example, a completely fraudulent URL obscured by what appears to be a valid URL but is actually window dressing.
HTML-enabled mail is a mistake and a joke. It is damage that needs to be routed around.