LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Ignorant question on spam

[ILUG] Ignorant question on spam

Conor Daly conor.daly at met.ie
Wed Sep 10 17:25:52 IST 2008 

On Wed, Sep 10, 2008 at 12:29:07PM +0200 or thereabouts, Timothy Murphy wrote:
> I find the following stanza in a spam email:
> -------------------------------------------------
> follow the instructions.<br />  \n <br />  \n
> <a href="http://213.244.26.140/index.html"
> target="_blank">
> http://www.paypal.com/us/cgi<wbr />-bin/webscr?
> cmd=_login-run</a>
> -------------------------------------------------
> 
> If I click on the URL I see I am taken to 213.244.26.140
> rather than www.paypal.com (which is all I see).
> 
> Is that a standard html trick?
> 
> I know I see the naughty address at the bottom of my Firefox page
> if I hover over the address I see.
> Is that the only way to avoid falling into the trap?

A number of email clients can be configured to not display HTML emails but
to display the raw html instead.  In the case of kmail you get raw html and
a button to click to see the displayed stuff.  In that case you can fairly
quickly scan for dodgy hrefs.  

With mutt, I use lynx --dump to decode html and I end up with a decoded
message with [1] style references to the hrefs.  Down at the bottom of the
message are the actual href targets so it'll be pretty obvious that it's not
a paypal.com domain.  You still have to be alert for the
paypal.com:blah at attacker.com though.

Conor
-- 
Conor Daly,                   
Met Eireann, Glasnevin Hill,  
Dublin 9, Ireland             
Ph +3531 8064276 Fax +3531 8064247

*********************************************************************************
This e-mail and any files transmitted with it are confidential and intended solely for the addressee. If you have received this email in error please notify the sender.
This e-mail message has also been scanned for the presence of computer viruses.

Ta an riomhphost seo, agus aon chomhad ata nasctha leis, faoi run agus is don te a seoladh chuige amhain e. Ma tharla go bhfuair tu an riomhphost seo tri dhearmad cuir in iul don te a sheol e led' thoil.

Ta an teachtaireacht riomhphoist seo scuabtha le bogearrai frithvireas.
********************************************************************************
NorthBridge Mail Server id e9yrhg43fncvj3974vjenw

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell