Phishing attacks are nothing new and you can usually spot them in your email with half of your brain tied behind your back. You've seen them - bad grammar, syntax and spelling. The obvious links to knock-off URLs. The pleas from Nigerian-Kings-in-hiding. Today in my GMail I received a note from Hallmark that I was the recipient of a e-card. Now, Valentines Day was a week ago so this seemed suspicious, but my mother is not above sending these cute little e-cards every once in a while so I took a look. "Click here" it tells you, but prior to clicking, I always hover on the link to see the source URL. Where do you think it went? Not to Hallmark I can tell you!
This is a simple, but effective step in determining if the email or link you receive in an email is legitimate. While not foolproof, it goes a long-way to determining what might happen when you click on a link. Running Windows Vista with User Account Control turned on to prompt for a user name and password with administrative privileges is also huge in controlling the effect something like this would have on your system should you decide to click on the link and accept the download of "love.zip." Its no news that people across the intertubes have endlessly complained about UAC (even the Mac commercials pan it) but it is a small price to pay to what happens when on your computer. Like it or not, the Windows platform is the most highly targeted OS for attacks. Practice the digital equivalent of "safe sex" when you are online.