[vox-tech] one of the most pernicious spams i've ever seen.

Mitch Patenaude vox-tech@lists.lugod.org
Thu, 25 Sep 2003 07:36:13 -0700


I've seen a lot of these (my email address is 7 years old.. and has 
been published a lot.  I get a lot of spam).

Bruce Schneier called these "URL semantic attacks", but now that I've 
heard it, I like phishing better.  I've seen a couple of really devious 
variations.  Both of these require HTML email. (I know.. it's evil, but 
common)  Both had an apparently perfectly valid looking ebay or paypal 
URL, but when clicked on went to www.eboy.net and www.paypa1.com 
(that's a 1 in the second URL, not an "L").

The ways they achieved the perfect-looking URL were:

1) The entire message (supposedly) from ebay was actually an 
image/link, not just the blue underlined text. (but I didn't know this 
until I followed it.. I knew it was a scam, but I wanted to see how it 
worked.)

2) The "URL" was actually inside another <a href=...> </a> tag.  The 
scammers had just escaped the brackets.

I'm thoroughly convinced that most people don't have the technical 
savvy to try to detect URL fraud, and so must be trained to do so 
contextually rather than technically (Why would my bank send me an 
email asking for my PIN, especially since I didn't give them this email 
address?)  I figure that most geeks aren't going to fall for this, but 
I imagine that a lot of identity theft occurs this way.

   -- Mitch
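
The two disguises described in the message above, as an added detection example that is not part of the original post: it parses an HTML body and reports links whose visible text names a different host than the href, and links that consist only of an image. The sample message, the `.example` host names and the function and class names are constructed for illustration, and the second disguise is assumed to be a URL shown in escaped angle brackets as the link text.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host name in visible text, with optional scheme; any path is consumed, not captured.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# Constructed sample body: image-only link, escaped-bracket lookalike, honest link.
SAMPLE = """\
<a href="http://www.eboy.example/signin"><img src="cid:message.gif" alt=""></a>
<a href="http://www.paypa1.example/login">&lt;http://www.paypal.example/login&gt;</a>
<a href="http://lists.lugod.example/">lists.lugod.example</a>
"""

class LinkAuditor(HTMLParser):
    """Collect each <a> with its visible text and whether it wraps an image."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # &lt; and &gt; arrive decoded
        self.links = []     # finished anchors, in document order
        self._open = None   # anchor currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = {"href": dict(attrs).get("href") or "", "text": "", "image": False}
        elif tag == "img" and self._open is not None:
            self._open["image"] = True

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def audit_links(html):
    """Return (reason, href_host, shown_hosts) for links whose look hides the target."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for link in parser.links:
        target = (urlsplit(link["href"]).hostname or "").lower()
        shown = {h.lower() for h in HOST_RE.findall(link["text"])}
        if shown and target not in shown:
            findings.append(("text-host-mismatch", target, sorted(shown)))
        elif link["image"] and not link["text"].strip():
            findings.append(("image-only-link", target, []))
    return findings
```

An image-only link is common in legitimate mail too, so that finding is a cue to show the reader the real target host rather than a verdict on its own.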