Close Call
Teresa got an email this morning from US Bank, or so she thought:
Naturally, she followed the link. Fortunately, she also said, “Hey Jon, I just got this email from the bank…” Sure enough, if you look at the actual text for that email, here’s what you see:
<a href="http://alwerner.de/modules/AdvStats/images/gallery/http:/www.usbank.com/account/"target="_blank">https://www4.usbank.com/InternetBanking</a>
This is one reason (besides tackiness) I despise rich text and HTML emails: the actual content of your message is hidden from you. Here’s where it sends you:
Identical to the real site, but notice the URL. So you can see how people who aren’t either tech savvy or paranoid fall for crap like this pretty easily. The moral of the story: Never trust a link that asks you for information like this. Call your bank, or go to your browser and manually enter its URL, if you want to check.