At least five or six phishing type emails find their way into my inbox daily. Most of the the time it is fairly obvious that they are scams since they appear to come from banks where I have never held an account. However, many of these emails look quite convincing. This morning I received a legitimate email from my bank, some marketing junk, but legit nonetheless. This email made me wonder why banks even bother sending out these HTML rich messages chock full of images and links. Surely the effectiveness of this type of email has been greatly reduced by the number of illegitimate messages everyone receives. Sure, banks need to communicate with their customers, but wouldn’t it be better to send whatever message they need to send in plain text with clear instructions to log into their web site for more information? Plain text might not be as snazzy as stock photos featuring smiling banking type customers, but people would probably feel safer cutting and pasting a link into their browser of choice.
It is worth noting that Firefox throws up some warning messages when one clicks on a bogus link (one that appears to go somewhere safe, but really goes elsewhere).