> > Any domain names in a phishing email code are most likely going to be legit > > domain names such as, ebay.com, bankofamerica,com, southtrustbank.com etc.. > > These are the domains visible to the target/sucker.
On the other hand, I just got a phish insisting I had to update my wellsfargo account (which if course I've never had). There are only two urls in the message body: <p><img src="http://a248.e.akamai.net/7/248/1856/6fbc90232ac38d/www.wellsfargo.com/i mg/eal_logo_gen.gif"></p> <p>Dear Wells Fargo customer,</p> <p> As you may already know, we at Wells Fargo guarantee your <a href="http://aurum.vup.hr/%7Ewolf/cgi-bin/wellsfargo/signon/CONS&ERROR_CODE/ index.htm"> The akamai site is really common in phish these days, since it seems to have all of the logos for the various financial institutions readily available to phishers. The other site, you will not, is NOT using a dotquad. Loren