RE: [Declude.JunkMail] Phishing Question

Thu, 12 May 2005 13:36:09 -0700 

Whoops, slip of the finger, there.  That second email address should
have been:

        [EMAIL PROTECTED]

Andrew 8)



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Thursday, May 12, 2005 1:17 PM
To: [email protected]
Subject: [Declude.JunkMail] Phishing Question


Hi,

I do not understand how this is being displayed in IE.

I got a phishing e-mail reported to me and I went to check it out.

This is the HTML text

<P class=Estilo6>To log into your account and verify your account
activity, 
click here: <BR><A 
onmouseover="window.status='https://www1.royalbank.com/cgi-bin/rbaccess/
rbunxcgi?REQUEST=ClientSignin&amp;LANGUAGE=ENGLISH'; return true;" 
href="http://haukelid.com/hfl/.rbc/index.php"; 
target=_blank>http://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?REQUES
T=ClientSignin&amp;LANGUAGE=ENGLISH</A></P>

Now I understand that this shows up in the e-mail as
www1.royalbank.com/.... 

So what I did was to go to the haukelic.com/... page directly in IE.
When I get there the address in the address bar is
http://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?REQUEST=ClientSignin
&LANGUAGE=ENGLISH 

How is this possible to display some other address when I went to the
haukelid.com address?

What would people do to prevent this mail from getting through in the
future?

In the past I would have put into my phishing.txt filter
http://haukelid.com but when I go there it is a "real" site and the
first level down is also a real site. I am tempted to ban it at the top
level as this person is either using his own site to do phishing from or
his site is compromised and the next URL could be somewhere else on his
site.

Can I get some thoughts on this.

Thanx

 
     Goran Jovanovic
     The LAN Shoppe
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
"unsubscribe Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Reply via email to