l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Sep 25 13:19

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] one of the most pernicious spams i've ever seen.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] one of the most pernicious spams i've ever seen.

I've seen a lot of these (my email address is 7 years old.. and has been published a lot. I get a lot of spam).

Bruce Schneier called these "URL semantic attacks", but now that I've heard it, I like phishing better. I've seen a couple of really devious variations. Both of these require HTML email. (I know.. it's evil, but common) both had an apparently perfectly valid looking ebay or paypal URL, but when clicked on went to www.eboy.net and www.paypa1.com (that's a 1 in the second URL, not an "L").

The ways they achieved the perfectly looking URL were:

1) The entire message (supposedly) from ebay was actually an image/link, not just the blue underlined text. (but I didn't know this until I followed it.. I knew it was a scam, but I wanted to see how it worked.)

2) The "URL" was actually inside another <a href=...> </a> tag. They scammers had just escaped the brackets.

I'm thoroughly convinced that most people don't have the technical savvy to try to detect URL fraud, and so must be trained to do so contextually rather than technically (Why would my bank send me an email asking for my PIN, especially since I didn't give them this email address.) I figure that most geeks aren't going to fall for this, but I imagine that a lot of identity theft occurs this way.

-- Mitch

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.