[hcs-d] interesting spam mail tactic

Matthew Gline gline at fas.harvard.edu
Wed Apr 5 10:51:44 EDT 2006


I just got a phishing attempt which included (masked by an <a> tag 
naturally) the following url (don't click it!):

http://google.com/url?sa=p&pref=ig&pval=2&q=http://993787910:8989/chase.com/index.php

I'm not sure I understand why

http://993787910

works to begin with (they don't seem to have an A record or anything), 
but I do think it's clever that they used google to get there. When I 
click the link in Thunderbird, which correctly recognized it as a scam 
to begin with, it says, "Are you sure you want to visit google.com?" 
which surely sounds more innocuous than "Are you sure you want to visit 
emailbankscams.ru.br.tz?" or whatever.

--Matt




More information about the hcs-discuss mailing list