Wednesday, March 09, 2005

Wildcard DNS + Phishing = Convincing Bait URLs built has a great article that discusses tricks that phishing scumbags use to create their latest rounds of deceptive emails.

The trick described in this article combines wildcard dns, encoded URLs (surprise!) and the typical combination of HTML emails and authentic-looking websites.

Some of the URLs function only in selected browsers. For example, the URLs using the pipe character will resolve on Windows XP, but not Linux. Windows XP browsers support a broader character set to accommodate migrations from Windows NT4, which allows the use of the pipe character in identifying network assets.

I guess the toolbar is good for catching on this and you can get it from

Nitin :)


Post a Comment

<< Home