[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon Dec 12 19:04:02 2005
From: greed at pobox.com (Graham Reed)
Subject: Phishers now abusing dynamic DNS services
pagvac writes:
> What I mean is that the average user will trust more an URL when
> seeing the word "paypal" in it as a domain name, rather than some
> dodgy-looking numerical IP address, with a sub-directory called
> "paypal".
Most users won't even see or notice where the link goes, that's why it
works.
What you do need the hostname for is, to bypass the alarms on webmail
services like Yahoo!, which will display a scary pop-up if you click on a
link that's got a numeric IP address for the hostname.
It won't alarm on most other types of names. At least, I was able to make
up a name and point something in my domain at an arbitrary IP and Yahoo!
stopped showing the warning.
They may have a blacklist, which would catch phish sites once people know
about the hostname.
Of course, without HTML mail, they wouldn't be able to show one thing and
mean another....
And eBay doesn't help the whole situation: if you read the HTML version of
eBay "favorite search" mail, the links take you to some site other than
eBay. (Actually, a doubleclick.net address--which is not resolvable on my
network.) Fortunately, the plain-text version has right-to-ebay.com links.
Powered by blists - more mailing lists