[thelist] phishing and urls

Stuart Young syoung at unitec.ac.nz
Mon Sep 12 17:47:59 CDT 2005

The Anti-Phishing Working Group has an archive of examples of phishing attacks. It includes phishing attempts that attempt all sorts of domain spoofing, from:
* pretend URLs (usually misspellings or elaborately named sub-domains),
* frames or iframes that display a fake browser toolbar/address bar (and they do browser and screen width detection to work out which image to display),
* absolutely positioned layers outside the viewport on top of the proper address bar,
* URL redirection flaws,
* popping up a window with no address bar on top of the real site, which does have one.

Many of the best designed phishing attempts utilise a mixture of all of them - e.g. Bank of America 


Dr Stuart Young,       	+64 (0)9-815 4321 x 8656
<syoung at unitec.ac.nz> 	+64 021 183 2846 (mob)
Lecturer, School of Computing and Information Technology,
Unitec New Zealand, Auckland, New Zealand
(the official URL for my staffpage is too long and complex)
Web development, graphic design and photography
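As an added example, not part of Stuart's message or of the APWG archive, here is a small defender-side check for the first item in the list above: misspelled and elaborately sub-domained lookalike URLs. The brand allow-list, the indicator names and the sample URLs are constructed for this illustration.

```python
"""Heuristic lookalike-URL check for the 'pretend URL' tricks listed above."""
from urllib.parse import urlsplit

# Constructed allow-list for this example: brand token -> registrable domain(s) it really uses.
KNOWN_BRANDS = {"amazon": {"amazon.com"}, "bankofamerica": {"bankofamerica.com"}}


def registrable_domain(host: str) -> str:
    """The owner-controlled part of a host name: its last two labels.
    Adequate for .com-style names; a production checker would use the
    Public Suffix List so that e.g. amazon.co.uk is handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch misspellings such as 'amazzon'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def spoof_indicators(url: str) -> list[str]:
    """Return the lookalike tricks found in url (empty list = none matched).

    Only the registrable domain decides who controls a page: everything to its
    left is a sub-domain the registrant can name freely, and a one-letter change
    in the registrable domain is a different site altogether."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    reg = registrable_domain(host)
    sub_labels = host.split(".")[:-2]
    second_level = reg.split(".")[0]
    findings = []
    for brand, real_domains in KNOWN_BRANDS.items():
        if reg in real_domains:
            continue  # the genuine site, whatever the sub-domain says
        if any(brand in label for label in sub_labels):   # substring match: loose on short brand tokens
            findings.append(f"{brand}-as-subdomain-of-{reg}")   # www.amazon.com.evil.example
        elif 0 < edit_distance(second_level, brand) <= 2:
            findings.append(f"{brand}-misspelled-as-{reg}")     # www.amazzon.com
        elif brand in second_level:
            findings.append(f"{brand}-embedded-in-{reg}")       # amazon-verify.example
    return findings


if __name__ == "__main__":
    for u in ("https://www.amazon.com/gp/css/homepage.html",
              "http://www.amazon.com.verify-account.example/login",
              "https://www.amazzon.com/", "http://amazon-verify.example/"):
        print(u, "->", spoof_indicators(u) or "no indicators")
```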

>>> oktellme at earthlink.net 10/09/2005 04:18:54 >>>
This morning I got a phishing email supposedly from amazon.com.

I knew it was phishing, of course, because it had that famous line "your
account will close within 24 hours unless you click on this link and verify
your information".

What scared me particularly on this phish was this - I clicked on the link
(I often check to see where a phisher wants to take me), and the url given
was definitely an amazon.com address! (Many phishers will lead you to a
misspelled address, or an address with an alien header such as
www.amazzon.com or www.verification.amazon.com.) But, no, this really was
the amazon site. The email also attempted to put amazon.com cookies on my

What scared me even more was I then wrote a letter to amazon alerting them
of the email, and found my email program no longer worked. So... did this
phisher ALSO put a virus, or change a setting on my email?

I immediately restored my computer to an earlier point. My email is working
fine now, and the letter went off to amazon. They sent back a letter saying
that phishers CAN take you to one site while displaying that you are at
another url!!

ok, the above is the story. Below are my questions:

1. HOW can a page make the url be different from the url you are visiting?
2. How can an email use cookies?
3. I was taught that a site can only create and read cookies that match the
domain name they come from. Can someone please set me straight on the facts
about cookies?
4. I thought you would be safe from viruses and unauthorized changes to
your system if you don't click on any attachments. How does an email
transfer a virus or a command if you don't click on an attachment? What are
the new rules for keeping your computer safe?

thanks for any explanation, or links to appropriate explanations.
