[thelist] phishing and urls

Anthony Ettinger apwebdesign at yahoo.com
Fri Sep 9 11:52:28 CDT 2005

1) Install the Netcraft toolbar, it will block
reported phishing scams (and allows you to report them
as well). http://toolbar.netcraft.com

2) They could set cookies by loading an invisible
image in the email's html <img
You are correct in that they are NOT able to set an
amazon.com cookie from outside their domain. Cookies
are restricted to being set from the domain that the
request is coming from (and it's subdomains)

3) As for the url being amazon.com, they are probably
utilizing an open redirect on amazon.com's server.
I've seen this in a few phishing scams already. For
example, amazon.com handles outside links like this:


So they can just link in their email to

4) It's possible the email is exploiting a security
hole in your browser or email client (if it's IE, I
suggest using FireFox, or at least upgrading to the
latest IE).

5) Do you still have a copy of the phishing scam
email? Can you forward it to me? I'd like to see what
it's doing: "ettinger AT chovy DOT com"

--- Lightning <oktellme at earthlink.net> wrote:

> This morning I got a phishing email supposedly from
> amazon.com.
> I knew it was phishing, of course, because it had
> that famous line "your
> account will close within 24 hours unless you click
> on his link and verify
> your information".
> What scared me particularly on this phish was this -
> I clicked on the link
> (I often check to see where a phisher wants to take
> me, and the url given
> was definately an amazon.com address! (Many phishers
> will lead you to a
> misspelled address, or an address with an alien
> header such as
> www.amazzon.com or www.verification.amazon.com.)
> But, no, this really was
> the amazon site. The email also attempted to put
> amazon.com cookies on my
> harddrive.
> What scared me even more was I then wrote a letter
> to amazon alerting them
> of the email, and found my email program no longer
> worked. So... did this
> phisher ALSO put a virus, or change a setting on my
> email?
> I immediately restored my computer to an earlier
> point. My email is working
> fine now, and the letter went off to amazon. They
> sent back a letter saying
> that phishers CAN take you to one site while
> displaying that you are at
> another url!!
> ok, the above is the story. Below are my questions:
> 1. HOW can a page make the url be different from the
> url you are visiting?
> 2. How can an email use cookies?
> 3. I was taught that a site can only create and read
> cookies that match the
> domain name they come from. Can someone please set
> me straight on the facts
> about cookies?
> 4. I thought you would be safe from viruses and
> unautthorized changes to
> your system if you don't click on any attachments.
> How does an email
> transfer a virus or a command if you don't click on
> an attachment? What are
> the new rules for keeping your computer safe?
> thanks for any explaination, or links to appropriate
> explainattions.
> Laura
> -- 
> * * Please support the community that supports you. 
> * *
> http://evolt.org/help_support_evolt/
> For unsubscribe and other options, including the Tip
> Harvester 
> and archives of thelist go to:
> http://lists.evolt.org 
> Workers of the Web, evolt ! 

Anthony Ettinger
ph: (408) 656-2473
blog: http://www.chovy.com

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the thelist mailing list