“Phishing” is the practice of using deceptive hyperlinks in an email. You click a link thinking that you are going to your bank or some other trusted site, when in fact the disguised hyperlink sends you to a scammer’s web site.

Scammers do this in order to trick people into parting with sensitive personal or banking details. (Wikipedia can tell you much more ).

The latest Security Fix column in the Washington Post explains how phishing scams are getting more sophisticated.

A recent phishing scam on customers of a credit union used SSL certificates to give an added sense of false security to potential victims. It also looked more legitimate by quoting part of a credit card number common to all customers at that particular bank.

There is no reason for Mail.app users to get caught out. Rob Griffiths at MacWorld provides a tutorial on how to avoid these phishing scams.

Plain text is your best defence. Failing that, the process for protecting yourself differs in Panther and Tiger Mail.

In short, it involves uncovering the hyperlink behind the visible text by clicking and dragging the URL in 10.3 or hovering the mouse over the link in 10.4 to reveal the actual URL underneath (as below):

Poor spelling and grammar are also sure signs that something fishy is going on.phishing, scams, email, hyperlinks, SSL certificates, mail.app, apple mail, spam

Pierre Igot at Betalogue is one of Mail.app‘s most eagle-eyed critics. He finds design flaws and departures from Apple’s own Human Interface Guidelines that no one else notices.

In a long and interesting post, he writes about using Apple Mail without the Preview Pane, about several foibles in the way Spotlight is used in Mail.app, about the inconsistent use of hyperlinks in Mail’s interface and about more elegant ways this could have been done.

I never go away from his blog without learning something. Worth a read.