I’ve seen an uptick lately in phishing emails that do a much better job of replicating legitimate ones. For example, I’ve received several that look like Amazon orders or LinkedIn reminders. In all cases, the email content is a dead ringer for kosher ones except that the content (book titles, names, etc.) is unfamiliar, and if I mouse over the embedded links, the target URL is fishy indeed. And therein lies the purpose: to get unsuspecting recipients to click one of those links, visit its site, and receive malware.

Identifying and stopping these emails was easy.  Since they arrived at my Gmail account, I created some quick filters to corral them.  On closer inspection, I found that they were sent to a couple of my forwarded email addresses, so I simply turned off those forwards at my domain host.  And that provided some insight into the source: one was an old address I had given out only to InformationWeek.  Have they been selling or otherwise disclosing my email address?

Google’s anti-phishing initiatives have had mixed success.  Their phishing filter has been criticized for too many false positives, their DKIM initiatives have had too little uptake, and their “authentication icon for verified senders” is much too passive-aggressive.  But this has perhaps a simple solution: flag any email with embedded links where the target URL’s domain differs from the sender’s domain.  Perhaps this could be done with some creative filters or a Gmail gadget.  If these things come back, I’ll give it a shot.