A co-worker of mine just pointed this out to me today. He tested it in Thunderbird and I tested it in OE6. It warrants serious attention.
Ignoring the munged part, this would trick a very savvy internet user that allows HTML email, clicks on a link and doesn't check the browser address line.
Any input on rules or techniques to block this nasty fellow?
Sincerely, KAM
I just received a phishing e-mail claiming to be from eBay. All of the links LOOKED legit, including what displayed in the status bar when you moused over a link. I knew this was not legit, so I looked in the source code and found this:
<div><a
href="https://signin.ebay-MUNGED.com/ws/eBayISAPI.dll?SignIn&sid=verify&co... artnerId=2&siteid=0"><table><caption><a href="http://211.254.130.108-MUNGED/...../"><u style="cursor: pointer"><font color="#008000">eBay Update Center</font></u></a></caption></table></a></div>
Note the double use of an a href tag, one inside a caption tag, one
outside. The outside a href displays, while the a href within the caption tag is what would actually be triggered.
Interesting way of masking the true URL.