Have you Gone Phishing without realising?


This is a long post with a lot of detail so I’m copying the last paragraph to the top as well as at the end so you can get what you came for without having to sift through a load of blurb that you’re not sure you even need.
– – –
Q. How do I avoid mistakenly getting accused of phishing?
A. This is very easily avoided: don’t put www or http:// in the text that you want to make into links.
Email clients identify links by having http:// , www. or http://www. at the start, so all you have to do is leave that prefix off and you’re fine!
Obviously still leave the http:// and www. in the destination though!
e.g. http://getintheinbox.com would become getintheinbox.com
Both links are still linked back to http://getintheinbox.com

– –

For all of the details and context on the answer at the top, read on…
Maybe it is because more people are really caring about the quality of their html lately, maybe it’s easier, maybe it’s because the latest generation of marketing execs are better at using wysiwygs than the previous one, but people are definitely doing more with their creative than ever.
Which is ironic seeing as people like Microsoft are making it more restrictive every year!
Anyway, one thing that has come about is an increase in phishing accusations so I thought I’d best illustrate how this can come about in a normal legit marketing email.
What is phishing
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. (Wikipedia)
If you look in your junk folder you may see emails from various banks telling you that you have to update your security information.
These emails are trying to convince you that they are this bank and that you need to take action: click through and enter your details, which they then steal and rob you blind.
The link in this email says hsbc.co.uk, but if you hover over it in your inbox (and the email client has not removed the destination) you will see it actually goes somewhere else entirely. So they are putting in the text of the right place but the actual link destination goes somewhere else – their phishing site, which is built to look exactly like the real one.
How is it possible that I get accused of this all my links go back to the right place?
When you make your emails you normally use words like “click here to view online” or, if you are more creative and up with the times, you will be linking more descriptive words like “view in a browser”.
But on occasion you might want to put in your website address like http://getintheinbox.com.
Now when you send yourself the email from your client or an ESP’s test facility, your email client will make it click-able.
BUT
When you send it as a tracked campaign through your ESP, they will swap the link destinations with tracked links that actually go back to your account, report on the click and seamlessly redirect your recipient to your intended destination. So http://getintheinbox.com would look like it was going to http://getintheinbox.com but it will actually go to something like http://emails.getintheinbox.com/tracking.php?d6gh456h65hb56nedthhmj5kkk
where the domain is where the software is hosted or masked and the rest is the encrypted tracking information to allow the ESP to know who sent the email, which message, list campaign and recipient sent it and where to redirect to. – I know it’s genius!
So even though the person clicking will actually end up where the link text says, what the email client sees is that the link says one thing but actually goes somewhere else. As far as it is concerned, the link might say http://www.hsbc.co.uk but actually go to http://www.gonnarobyoublind.com, so it accuses you of phishing!
How do I avoid this, I need to put my web site in my emails – this is madness. Madness I tell you
This is very easily avoided: don’t put www or http:// in the text that you want to make into links.
Email clients identify links by having http:// , www. or http://www. at the start, so all you have to do is leave that prefix off and you’re fine!
Obviously still leave the http:// and www. in the link destination though!
tah-dah
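An added example, not part of the original post: a small Python pre-send check that models the rule described above, flagging any link whose visible text starts with a URL prefix but names a different host than its destination. The function and class names are hypothetical, hosts are compared exactly apart from a leading www., and real email clients may apply different or stricter heuristics.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Prefixes the page says mark text as a link; "https://" is added here as an assumption.
URL_PREFIXES = ("http://", "https://", "www.")

def host_of(value):
    """Lowercase host of a URL-like string, ignoring a leading 'www.'."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    host = (urlsplit(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkTextChecker(HTMLParser):
    """Records <a> tags whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        text = "".join(self.text).strip()
        # Text without a URL prefix makes no claim about the destination, so it passes.
        if text.lower().startswith(URL_PREFIXES) and host_of(text) != host_of(self.href):
            self.mismatches.append((text, self.href))
        self.href = None

def find_mismatched_links(html):
    checker = LinkTextChecker()
    checker.feed(html)
    return checker.mismatches

# Constructed sample built from the post's example URLs.
TRACKED = "http://emails.getintheinbox.com/tracking.php?d6gh456h65hb56nedthhmj5kkk"
SAMPLE = (f'<a href="{TRACKED}">http://getintheinbox.com</a> '
          f'<a href="{TRACKED}">getintheinbox.com</a> '
          '<a href="http://www.getintheinbox.com/">www.getintheinbox.com</a>')

if __name__ == "__main__":
    print(find_mismatched_links(SAMPLE))
```

Run it over the HTML exactly as the ESP sends it (after link tracking has been applied), since that is the version the recipient's email client inspects.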
– – –
I’ve just found a great guide on this: Download Return Path’s Anti-Phishing/Anti-Spoofing Guide now!