
[IP] more on Citibank Security Update/spoof




From: Richard Perlman <perl@xxxxxxxxxx>

Dewayne:

If you change the text color of the email, or just paste it into a very dumb
editor (vi), you will see a lot of "text" that was in a white colored font.
Seemingly nonsense to fool SPAM filters.  But, interesting nonetheless.

Also, the actual link text was:
 https://web.da-us.citibank.com/signin/scripts/Iogin2/user_setup.jsp

... the URL was really:
 (http://web.da-us.citibank.com%2e%75%73%65%72%73%65%74%2e%6e%65%74:34/%63/%69%6E%64%65%78%2E%68%74%6D)

So, while the link text was a seemingly safe citibank.com host, the URL was
really (if I read my ASCII table correctly):
 http://web.da-us.citibank.com.userset.net:34/cindex.htm

Richard

Archives at: http://www.interesting-people.org/archives/interesting-people/
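
The mismatch described in the message above can be checked mechanically. The following is an added example, not part of the original message: it percent-decodes the host of a link's real target and compares it with the host shown in the link text. The function name `audit_link` and the set of checks are assumptions made for illustration; the two URLs are the ones quoted in the message.

```python
from urllib.parse import urlsplit, unquote

# The two URLs quoted in the message: what the reader saw, and the real target.
SHOWN = "https://web.da-us.citibank.com/signin/scripts/Iogin2/user_setup.jsp"
HREF = ("http://web.da-us.citibank.com%2e%75%73%65%72%73%65%74%2e%6e%65%74"
        ":34/%63/%69%6E%64%65%78%2E%68%74%6D")

def audit_link(display_text, href):
    """Return a list of discrepancies between a link's text and its target.

    Hypothetical helper for mail filtering or triage; it only inspects the
    scheme, host and port, and never contacts either URL.
    """
    shown = urlsplit(display_text.strip())
    real = urlsplit(href.strip())
    raw_host = real.hostname or ""            # lowercased, port and userinfo removed
    real_host = unquote(raw_host).rstrip(".")  # undo %xx escapes hidden in the host
    shown_host = (shown.hostname or "").rstrip(".")

    findings = []
    if "%" in raw_host:
        findings.append("percent-encoded characters in host")
    if real_host != shown_host:
        findings.append(f"host mismatch: shown {shown_host}, actual {real_host}")
        # The trusted name is used as leading labels of an unrelated domain.
        if real_host.startswith(shown_host + "."):
            findings.append("shown host is only a prefix of the actual host")
    if shown.scheme == "https" and real.scheme != "https":
        findings.append(f"scheme downgrade: https shown, {real.scheme} used")
    if real.port not in (None, 80, 443):
        findings.append(f"non-standard port {real.port}")
    return findings

if __name__ == "__main__":
    for finding in audit_link(SHOWN, HREF):
        print("-", finding)
```

Each finding is a separate signal, so a filter can weight them individually; the decoded host is what should be logged or matched against block lists, not the escaped form.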