
different phishing approach

haven't seen this before

         

LifeinAsia

4:38 pm on Nov 27, 2007 (gmt 0)




Received a phishing message pretending to be from CitiBank at an account that I never use for online banking. Moused over the link to see if it was worth reporting to the hosting company.

However, the status bar said the link was to someofficiallookingsubdomain.citibank.com. Curious, I opened the source text and saw the trick: the e-mail wraps an a href tag (with a link to the phishing site) around an a href tag with a legitimate Citibank link.

I happened to read the message through a browser-based interface, so I don't know if it would have the same effect in an e-mail client. (I guess I won't delete it after all and will download it tonight.)

Maybe it's common- I just hadn't seen it before.

LifeinAsia

10:24 pm on Nov 27, 2007 (gmt 0)




My e-mail client showed the phishing link when viewed as an HTML page, so it looks like it may just render that way in web-based e-mail clients.

jdMorgan

10:31 pm on Nov 27, 2007 (gmt 0)




Very interesting... You might want to notify your web-mail provider about this, and save a few of your fellow users some grief.

I think I'll set up a simple test using a 'good' and a 'bad' page on my site, and then send an e-mail with the nested links and instructions so that users can test their web-mail for this problem.

Jim
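A defender-side check for the nested-link markup described in this thread, added here as an example and not written by any of the posters: it scans an HTML message body for an `<a href>` opened inside another `<a href>` and reports pairs whose hosts differ. The function names and the `example.*` sample bodies are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class NestedAnchorFinder(HTMLParser):
    """Record every <a> that is opened while another <a> is still open."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_hrefs = []   # hrefs of <a> elements not yet closed
        self.findings = []     # (outer_href, inner_href) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if self.open_hrefs:
            self.findings.append((self.open_hrefs[-1], href))
        self.open_hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()


def host(url):
    """Lower-cased host of a URL, or '' if it has none or cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def nested_link_mismatches(html_body):
    """Return nested anchor pairs whose outer and inner hosts differ."""
    finder = NestedAnchorFinder()
    finder.feed(html_body)
    finder.close()
    return [(o, i) for o, i in finder.findings if host(o) != host(i)]


# Constructed sample bodies; the example.* hosts are placeholders.
SUSPICIOUS = ('<p>Dear customer, <a href="http://login.example.net/verify">'
              '<a href="https://online.bank.example.com/">Sign in</a></a></p>')
BENIGN = ('<p><a href="https://bank.example.com/a">One</a> '
          '<a href="https://bank.example.com/b">Two</a></p>')

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, nested_link_mismatches(body))
```

Sloppy HTML with an unclosed `<a>` is reported as well, so a hit is a reason to review the message rather than a verdict on it.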