Phishing attack or dodgy marketing

I just received an email purportedly from an academic publisher offering me the chance to win an iPod simply for taking part in a survey of my usage of their products. Fair enough.

But when I click the survey link, the anti-phishing filter in my email program is tripped, revealing the message to be a potential security risk. The reason? The visible text of the survey link apparently points to “xyz321.con”, but the actual link target is “uvw123.nob”. In other words, they don’t match, a discrepancy that is usually indicative of internet fraud. Similar things happen with those “Validate your account” messages that appear to be from your bank, eBay, or PayPal, viz. you click on something that looks like www.paypal.com and end up at a phishing page on www.abcxyz123.info or whatever.

For an inexperienced user, there is no quick and easy way to validate that the Springer email is genuine, so most would, I’d hope, follow their IT department’s diktats and simply delete the message as a phish.

If I were running such a marketing mailout, then I’d ensure the URL and anchor pointed to the same domain. In this case, it would look far “safer” if both pointed to “publishersite.com” rather than some other obscure domain that is unrelated to the company’s genuine domain. This looks and is much safer for the end users and so would ensure a much higher percentage take-up of the offer.

For more information on phishing and other computer security issues, I’d recommend you check out http://www.sciencetext.com where I host a stack of tech and security tips, just in case you haven’t got an IT department to offer the software and knowledge to back up those diktats.