[SURBL-Discuss] Fw: Interesting Phishing Trick

Kevin A. McGrail kmcgrail at pccc.com
Wed Mar 8 18:14:57 CET 2006

A co-worker of mine just pointed this out to me today.  He tested it in
Thunderbird and I tested it in OE6.  It warrants serious attention.

Ignoring the munged part, this would trick a very savvy internet user that
allows HTML email, clicks on a link and doesn't check the browser address

Any input on rules or techniques to block this nasty fellow?


> I just received a phishing e-mail claiming to be from eBay.  All of the
> links LOOKED legit, including what displayed in the status bar when you
> moused over a link.  I knew this was not legit, so I looked in the
> source code and found this:
> <div><a
href=""><u style="cursor: pointer"><font
color="#008000">eBay Update
> Note the double use of an a href tag, one inside a caption tag, one
outside.  The outside a href displays, while the a href within the caption
tag is what would actually be triggered.
> Interesting way of masking the true URL.

More information about the Discuss mailing list