Dera Baalcrys Membre, Tsih eamil was setn by the Braclays svreer to verify yoru eiaml addrsse.
…and so on. My initial fears that the bad guys have finally lost it and just given up were allayed when I looked at the actual source of the message:
Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: 7bit … De‮ra‬ Ba‮alcr‬ys Memb‮re‬,
What is going on here? The message body is an attempt at
Code point 8238 is “right-to-left override”; code point 8236 is “pop directional formatting”. The sections contained within the
‬” groups are therefore supposed to be
How delightfully creative. Except that the message is marked as being encoded
in ISO-8859-1, which doesn’t contain those code points. All the cleverness
(probably aimed at some mail program that accepts the invalid code points) was
ignored, leaving gibberish. The good news is that even if they fix that, the
presence of “
‮” in e-mail is going to be a pretty good indicator of
something phishy going on.