[thelist] phishing and urls

Robert Vreeland vreeland at studioframework.com
Fri Sep 9 21:37:06 CDT 2005


A lot of virus / trojans modify your local dns host file; which means while
the url may say amazon.com the ip address is completely different. Also, I
would recommend against every clicking on a link in a html email from an
un-trusted source as it may launch a stub program, same as going to what you
now is a bogus site.

Robert Vreeland 

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Lightning
Sent: Friday, September 09, 2005 12:19 PM
To: thelist at lists.evolt.org
Subject: [thelist] phishing and urls

This morning I got a phishing email supposedly from amazon.com.

I knew it was phishing, of course, because it had that famous line "your
account will close within 24 hours unless you click on his link and verify
your information".

What scared me particularly on this phish was this - I clicked on the link
(I often check to see where a phisher wants to take me, and the url given
was definately an amazon.com address! (Many phishers will lead you to a
misspelled address, or an address with an alien header such as
www.amazzon.com or www.verification.amazon.com.) But, no, this really was
the amazon site. The email also attempted to put amazon.com cookies on my
harddrive.

What scared me even more was I then wrote a letter to amazon alerting them
of the email, and found my email program no longer worked. So... did this
phisher ALSO put a virus, or change a setting on my email?

I immediately restored my computer to an earlier point. My email is working
fine now, and the letter went off to amazon. They sent back a letter saying
that phishers CAN take you to one site while displaying that you are at
another url!!

ok, the above is the story. Below are my questions:

1. HOW can a page make the url be different from the url you are visiting?
2. How can an email use cookies?
3. I was taught that a site can only create and read cookies that match the
domain name they come from. Can someone please set me straight on the facts
about cookies?
4. I thought you would be safe from viruses and unautthorized changes to
your system if you don't click on any attachments. How does an email
transfer a virus or a command if you don't click on an attachment? What are
the new rules for keeping your computer safe?

thanks for any explaination, or links to appropriate explainattions.

Laura

-- 

* * Please support the community that supports you.  * *
http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester and archives
of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! 



More information about the thelist mailing list