Email from charity: phish or friend?

Today, we received an email from a well-known charity. The message talked about the charity's work relieving suffering caused by last week's tragic events in the Indian Ocean.

At least, we think the message was from a charity. The huge increase in phishing attacks recently gives us pause for thought. Being the email-savvy people we are, we think twice before clicking on emailed links to web pages.

First, we're going to hover our mouse over the links and see what
comes up in the status bar. Of course, that's not a sure-fire check,
but it's a start, so, hover...

What do we see? Certainly not the address of a website that sounds
like our charity. The obvious conclusion is that this is a cynical
phishing attempt, with the basest of morals. However, when we look a
little closer, we find out that the site that owns the links is a
legitimate marketing services company. It seems that it's contracted to
the charity to mine link-tracking data for them.

Complicated. It took a few web searches and a visit to SenderBase
before we felt comfortable. What's a poor consumer supposed to do?
That's why, in a forthcoming report about phishing, we're making
recommendations to marketers to only use their own domains when
tracking data.

Post a comment

You must be logged in to post a comment. To comment, first join our community.