R. Scott Belford wrote:
I recently received, correct that, SpamAssassin filtered the following
email. Researching it led me to these two links, among many
http://www.inertramblings.com/archives/000454.html
http://www.millersmiles.co.uk/identitytheft/011104-citibank-email-scam.php
and I recall hearing of an unpatched IE bug that could lead to a false
url being displayed. However, using mozilla on osx I was taken to the
"citibank.com" domain, and it was deceiving. I just don't bank with
them. Can anyone explain what is happening on a more technical level
than what I have found so far?
...
To log into your account, please visit the online banking
http://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/&M=S&US&_u=visitor
...
That link doesn't work for me in mozilla (brings up an error dialog), but the
use of &BVP= is probably a weirdo escape sequence that rewrites .com into some
odd cctld that someone bought up. I've gotten a similar mail, but it was in
HTML. Did we possibly lose something in the HTML to plaintext conversion?
--MonMotha
