8 replies
Thought this was interesting. Hovering over a link to see where it goes is no longer reliable. It can be redirected after you click with most browsers.

Hacking the <a> tag in 100 characters
#phishing
  • Profile picture of the author Moneymaker2012
    I could nt get you. What do you mean.
    {{ DiscussionBoard.errors[7882462].message }}
  • Profile picture of the author Mark Clayson
    He is saying that normally when you get a phishing scam email you can hover over the link and see at the bottom of the page where that link is pointing (so you could hover over a link claiming to be for www.paypal.com and see that it is heading to www.phishingsite.com for example). With this new javascript scam you can still see the link destination as "www.paypal.com" but it changes destination AFTER it is clicked (and therefore takes you to a different, malicious, website)
    {{ DiscussionBoard.errors[7882510].message }}
    • Profile picture of the author Roman Cologne
      Originally Posted by Mark Clayson View Post

      He is saying that normally when you get a phishing scam email you can hover over the link and see at the bottom of the page where that link is pointing (so you could hover over a link claiming to be for www.paypal.com and see that it is heading to www.phishingsite.com for example). With this new javascript scam you can still see the link destination as "www.paypal.com" but it changes destination AFTER it is clicked (and therefore takes you to a different, malicious, website)
      Yep, that's very uncool....
      {{ DiscussionBoard.errors[7882630].message }}
  • Profile picture of the author multimastery
    That's why I never click on sensitive emails links i.e. banking, PayPal, etc.
    {{ DiscussionBoard.errors[7883147].message }}
  • Profile picture of the author DubDubDubDot
    The older browsers allowed webmasters to set custom status bar text when hovering over links. It was especially popular when linking out to affiliate programs (show a different URL or have a short text ad in place of the URL). I know I'm still conditioned from all those years to not trust the status bar URL.
    {{ DiscussionBoard.errors[7883868].message }}
  • Profile picture of the author juangarciamtl
    when visiting paypal or sensitive information websites
    type them directly on the address bar
    its the safest thing at least someone highjacked you dns
    i hate those toolbars that replace google as your search engine
    Signature

    More than 105 modules , scrapes, post and make money.
    http://autopostingtools.com/

    {{ DiscussionBoard.errors[7884685].message }}
  • Profile picture of the author Alex Blades
    I just found one of those emails in my spam, you can't see the url when you hover over it. Here is a sample of the email so people don't get fooled. Also Paypal always calls you by your name, not "client" or "paypal user" so always assume its a scam if they identify you like that. Below is an example of what I mean.



    Scammer way below...

    Signature
    " I knew that if I failed, I wouldn't regret that.
    But I knew the one thing I might regret is not ever having tried. "

    ~ Jeff Bezos

    {{ DiscussionBoard.errors[7895663].message }}

Trending Topics