• Feed

    Subscribe in a reader

    Subscribe in Bloglines

    Subscribe to Nafurai by Email

    • « | Main | »

    Use the Source, Luke! aka Find the phishing email

    By maurizio | August 10, 2007

    I love to write funny titles, but as Paula told us, it’s better to put some SEO meat on the title. (actually those are not her words :-)
    Anyway I wanted to speak about source code. This time email source code.

    Some days ago I read a post about a guy who found a PayPal email on his GMail spam box. He was worried that Google is putting PayPal email on the spam, maybe because of the last happenings between Google and Ebay (PayPal’s mother/father company).

    The thing is that Google is reading the source of the email, while you just watch the results.If you start to read the source you’ll discover many interesting things. For example you’ll discover this piece of code:

    <a onMouseOver="window.status='http://www.paypal.com'; return true" onMouseOut="window.status=''" href="http://www.phishing.com">

    This is an html link with a piece of Javascript on it.
    As you probably understand, there are two different actions that the link will do, apart from the usual one that happens when you click it. onMouseOver is the action that will happen when you roll your mouse pointer over the link. When you roll it out of the link onMouseOut’s action will be done by the browser.

    Read the code carefully..when you put your mouse over the link, the browser will change his status label. If you are a programmer you should remember what is a “Status Bar”, but you don’t really have to read JavaScript documentation to understand that window.status is the small space you have at the bottom left side of your browser (you should see “Done” there right now if you use FF).

    So that piece of code is simply showing you PayPal’s url when you hover it and nothing when you “un-hover” it. That’s exactly what an html link is supposed to do, except that a normal link will show you the real url (the one inside the href attribute), while this one is showing you another url!

    So, next time you get a suspicious email, try to look at its source code.

    Btw. “Use the Source, Luke!” is a joke about Star Wars..I hope you got it. :-)

    Share This

    Topics: Content Creation | 1 Comment »

    Read other related posts:

  • Spam from Microsoft Live
  • BloggingToFame is spamming me!
  • Playing with ads

    • One Response to “Use the Source, Luke! aka Find the phishing email”

    1. spam from Microsoft Live Says: MyAvatars 0.2
      October 7th, 2007 at 2:03 am

      [...] the mail, but you can have “phishing tricks” on the site too. (Check my post about Paypal spam to see what’s a “phishing email trick”). The suggestion is useless for this email [...]

    Comments

    Subscribe without commenting