Further compounding the problem, pretty much every browser has built-in FTP client capabilities invoked at the simple click of a link. Just by opening this link, ftp://10.10.10.10/test.html, for example, IE, Firefox and Mozilla browsers will dutifully fetch the test.html file, render its HTML and run any of its scripts (based on the browser's script configuration settings). So, to answer your question directly, FTP links can indeed be more effective in phishing emails because they receive less scrutiny from most organizations. Make sure to carefully inspect FTP URLs, or even block FTP access, if it is not required in your organization.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Ed Skoudis
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the ... Continue Reading
Password cracking may be a hacker's specialty, but there are also many strategies to keep passwords secure. Continue Reading