Finally, someone is doing something about the phishing problem ravaging the Internet. Not surprisingly, it's Thunderbird, which has announced that it will be including anti-phishing measures in version 1.1 of the e-mail client.
The basic idea is simple: if a link in an e-mail has an IP address in it, or if the link text is a valid Web address and the
href attribute doesn't match it, Thunderbird will pop up a dialog warning the user of the possible phishing attempt. It seems like such a simple idea, it's a wonder no one else ever did it. Now we are really beginning to see the value of open source software is the fast response to the changing user experience.
Fresh off my brother getting a hoax eBay e-mail, I too have received one, though this one read somewhat differently. The subject is "Unable to verify or authenticate your credit/debit card information on file..." and says that it comes from email@example.com. The e-mail goes on to say that my credit card doesn't appear to be valid and that I must go to the URL included in the e-mail to re-enter. This e-mail uses the same trick of displaying a valid eBay Web address that is actually linked to a thief's domain (in this case, www.ebayfees.com).
As I read the e-mail, I was struck by the humor of it all. Nowhere on the e-mail does it say my eBay username (the greating says, "Hello eBay User, place or change your account information on file"), and it has this meaningless piece of text: "you have been pre-indefinitely suspended from eBay". Pre-indefinitely suspended? What the hell does that mean?
Once again, the biggest thing indicating that this was a hoax, next to the forged Web address, was the incorrect grammar. Simple things like:
- "credit cards information incorrect" (should be "credit card's information is incorrect").
- "you must have a valid account information on file" (should be either "you must have a valid account on file" or "you must have valid account information on file").
- "Please update information in your eBay account now by click here and entering the new information yourself in your account" (should be "...now by clicking here and entering the new information ").
The bottom line: pay attention to your high school grammar lessons, they could save your identity.