[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Notice: in file [ROOT]/includes/session.php on line 2208: Array to string conversion
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4688: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4690: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4691: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4692: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
Poco Forums • View topic - Phishing

Phishing

General email topics, from anti-virus and anti-spam software to webmail and ISPs

Moderators: Eric, Tomas, robin

Phishing

Postby adamwest » Tue Nov 02, 2004 5:40 am

I think this is a major flaw in BARCA and I assume POCO as well. With HTML turned of and the Sanitize enabled, links are disguised, as in HTML links, displaying the display link as opposed to the the real link address.

The code withing an email I recieved today is
<ax=href=3D"http://80.231.1.26">https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?P=
laceCCInfo</ax> but rather than display, (HTML OFF and SANITIZE ON) BARCA displays the http ://arribada.ebay.com rather than the real http ://80.231.1.26
(I added the ax to make sure the link didn't work.)

I have HTML off and Sanitize on because I want to see what's in the email. Phishing is prety big business these days. Displaying the html link as it does severly limits the usefullness of the HTML and Sanitize features. I see absolutely NO reason to have the link disguised and I can see people clicking on a link because it "seems" OK.
adamwest
Poco Tourist
 
Posts: 28
Joined: Mon Sep 06, 2004 11:26 am

Postby COD » Tue Nov 02, 2004 7:05 am

In every phishy email I've received, Barca has always shown the real URL (usually expressed as an IP address) when I hover the cursor over the link. That is the primary way that I identify the scam email.

Maybe that one was particularly well disguised?
COD
Resident Poster
 
Posts: 154
Joined: Mon Jul 26, 2004 2:49 am
Location: Fredericksburg, VA

Postby adamwest » Tue Nov 02, 2004 8:27 am

This is a fairly regular thing. Hover shows the same disguised address.

I manage a bunch of mail servers and I am always curious about such emails.
adamwest
Poco Tourist
 
Posts: 28
Joined: Mon Sep 06, 2004 11:26 am


Return to Email Hall

Who is online

Users browsing this forum: No registered users and 2 guests

cron