Most of the phishing emails I see are obviously fakes. Many don’t bother to spoof the sender address, clearly link to third-party sites (e.g. http://www.yourbank.com.46dyu.ru/verify/) and/or use terrible grammar and spelling. While it’s always a giveaway when I’m not actually a customer of the purported bank, a few emails certainly make me look twice before I work out their trick.
Here’s one allegedly from St. George bank in Australia.
Have a look at their official website: http://www.stgeorge.com.au/
Then this email:
While some of the grammar is slightly amiss, this email is a step above the bulk of what I’ve seen. Their trick, while not new, is that the visible text, http://ibank.stgeorge.com.au/verify, is an HTML link to a phishing site at http://www.stgcorge.com/verify, much like I can have http://ibank.stgeorge.com.au/verify link to Google or anywhere else. Only in the case of this email, at a cursory glance, “stgcorge” could easily be read as “stgeorge”.
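A mail filter can catch both halves of this trick. The following is an added example, not code from the original post: it flags links whose visible URL names a different host than the `href`, and hosts that sit within a couple of edits of a trusted name. The `TRUSTED` set, the edit-distance threshold of 2 and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"stgeorge.com.au"}  # assumption: domains the recipient really banks with
SAMPLE = '<a href="http://www.stgcorge.com/verify">http://ibank.stgeorge.com.au/verify</a>'  # constructed

def host(url):  # lower-cased hostname, '' when the text is not an absolute URL
    return (urlparse(url.strip()).hostname or "").lower()
def is_trusted(h):
    return any(h == d or h.endswith("." + d) for d in TRUSTED)

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(h):  # trusted domain that some label of h nearly matches, else None
    for d in TRUSTED:
        brands = [l for l in d.split(".") if len(l) > 3]  # skip "com", "au"
        if any(0 < edit_distance(x, b) <= 2 for x in h.split(".") for b in brands):
            return d
    return None

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host("".join(self.text)), host(self.href)
            self.href = None
            if real and not is_trusted(real):
                if shown and shown != real:  # link text is a URL for another host
                    self.findings.append(("text-href-mismatch", shown, real))
                if lookalike_of(real):
                    self.findings.append(("lookalike", lookalike_of(real), real))

def audit(html):
    p = LinkAudit()
    p.feed(html)
    return p.findings
```

Calling `audit(SAMPLE)` reports both findings for the link described above; a link whose `href` really is under `stgeorge.com.au` produces none.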