That's really cunning...anyone investigation wouldn't see anything unless they were using the victim's computer/IP.
As part of a review of phishing in 2012, RSA has outlined how phishers are now using “whitelists” to narrow down their attacks. In what the company calls “bouncer list” phishing, RSA writes that attackers are now using “black hat whitelists”. Only those on the target list will see the malware page crafted by the attackers ( …
You can edit posts now. Go to 'My Posts' to see the 'Edit' button under your post. It's active for some minutes after you create the post. I think it deletes the original post to indicate that an edit has been made.
That explains why I've been seeing a clear drop in quality of email malware coming in over the past few years.
Not only can they no longer spell correctly, they don't even bother with correct formatting - both with the fake HTML email pages and the text-only equivalent.
Heck, many don't even bother obscuring the target malware links within html so they would "look" right on the mail client page... Even the ones that take to you pwned websites don't have web pages that look like the bank they're supposed to emulate.
Worst of all, THOSE are the ones that we're warned about in media here in australia.
(shakes head) they just don't put any effort into it anymore...
I don't know, I've been seeing some really well formatted and worded phishing emails of late pretending to be Paypal; the only clues were the lack of use of my name and the attempt to get me to click on a link in the email. It was worryingly convincing enough that I thought I could have fallen for it if I'd been sleepy or having an off day. It makes me concerned that the amount of less aware tech users amongst us being scammed could increase.
Surely you mean "stupid enough"?
Just askin' ...
Re: "Cool enough?"
I'd go for "on balance of probability, rich enough and stupid enough"
Yep, I've seen these.
I've also seen the malware pages check the browser user-agent to make sure it's a vulnerable browser and/or the targeted platform.
Visit the site without the validation string that's included in the email link, you see a 404. Visit the site with your browser user-agent set to, say, Linux Firefox, you see a 404. Visit the site with the correct validation string and your browser user-agent set to IE 7, you get a drive-by download attempt.