Hot on the heels of what was quite a reasonable phishing message, this morning I received one that was a little less polished.

It started off quite well, with the mail purporting to come from HSBC bank, and the actual email address was security@hbcs.com, which might just squeeze past some people’s radar.

But what went on with the embedded link? It contains the top-level domain “inhabit.com.au”, which doesn’t sound much like HSBC to me, nor I suspect to anyone who’s technical enough to launch a web browser.

Then again, these things must work or they wouldn’t bother sending them. My question is, has anyone actually received a less convincing phishing message?