From: bones@everything2.com
To: Everything 2 User
Subject: Server move problems

Hi all,
We've had a little trouble migrating the user accounts to the new server... okay, we LOST the password table.

If you could take a few seconds to click on the link below, input your E2 noder name and password, we'll load it up and you'll be back to noding in no time.

http://everything2.com/logon.pl?op=resetpassword

Thanks!
Them Bones


Quite convincing, isn't it? An apparent Server Move Rockiness issue, what looks like a legitimate E2 URL, and Them Bones as the sender. THEM Bones??? Had it not been for that tiny oversight, I'd 0WNZ0R your nodes right now.

Phishing is the act of sending a forged email, in bulk like any other spam, that appears to come from a legitimate organisation and uses URL obfuscation to coax an unsuspecting user into revealing sensitive information. It is usually done to phish for credit card numbers or online banking credentials.

The phishing sploit used here is quite simple: the ability to name a softlink differently from the node it actually points to, so the visible link reads like a legitimate E2 URL while the link itself goes somewhere else. In IE, many spoofs exist: the http://user@site.com form of a URL with a ^A (0x01) character in front of the @, which makes the address bar show only the "user" part (a trusted-looking hostname) and hide the real site; javascript events like onmouseover that write a fake URL into the status bar; and so on.
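
The three tricks above can all be caught by comparing where a link *says* it goes with where it *actually* goes. The following checker is an added example, not code from the original writeup or from E2: it pulls the anchors out of a constructed HTML mail body and flags link text that names a different host than the href, a user@host URL (with the ^A written in its percent-encoded form %01, as such mails usually carried it), and an inline onmouseover handler. The hostname evil.example and the sample mail are made up for the demonstration. It runs under Node.js and relies only on the WHATWG URL API.

```javascript
// Added example (not from the original writeup): flag the link-spoofing tricks
// described in the text. Node.js; uses the built-in WHATWG URL class.

const C0_CONTROL = /[\x00-\x1f\x7f]/;                 // raw control characters, e.g. ^A
const PCT_CONTROL = /%(?:0[0-9a-f]|1[0-9a-f]|7f)/i;    // the same, percent-encoded (%01 etc.)

// Pull <a ...>text</a> pairs out of an HTML mail body. Deliberately simple: enough
// for mail markup like the sample below, not a general HTML parser.
function extractLinks(html) {
  const anchor = /<a\b([^>]*)>([\s\S]*?)<\/a>/gi;
  const links = [];
  let m;
  while ((m = anchor.exec(html)) !== null) {
    const attrs = m[1];
    const href = /\bhref\s*=\s*"([^"]*)"/i.exec(attrs);
    links.push({
      href: href ? href[1] : '',
      text: m[2].replace(/<[^>]+>/g, '').trim(),
      // onmouseover="window.status='...'" and friends; match attribute names only
      hasEventHandler: /(?:^|\s)on[a-z]+\s*=/i.test(attrs),
    });
  }
  return links;
}

// Host the reader *thinks* the link leads to, taken from the visible text when that
// text looks like a URL or hostname. Returns null for text such as "click here".
function apparentHost(text) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text) ? text : 'http://' + text;
  try {
    const host = new URL(withScheme).hostname.toLowerCase();
    return host.includes('.') ? host : null;
  } catch {
    return null; // not a parseable URL, so it claims no destination
  }
}

function analyzeLink(link) {
  const reasons = [];
  let url;
  try {
    url = new URL(link.href);
  } catch {
    return { ...link, realHost: null, suspicious: true, reasons: ['href is not a parseable URL'] };
  }
  const realHost = url.hostname.toLowerCase();

  // user[:pass]@host: the part before "@" is what a victim reads; the browser
  // connects to url.hostname. The URL parser already separates the two for us.
  if (url.username || url.password) {
    reasons.push(`userinfo "${url.username}" precedes real host ${realHost}`);
  }
  if (C0_CONTROL.test(link.href) || PCT_CONTROL.test(link.href)) {
    reasons.push('control character embedded in URL');
  }
  // Link text claims one site, href goes to another (the softlink trick).
  const claimed = apparentHost(link.text);
  if (claimed && claimed !== realHost) {
    reasons.push(`text names ${claimed} but href goes to ${realHost}`);
  }
  if (link.hasEventHandler) {
    reasons.push('inline event handler on link (status-bar spoofing)');
  }
  return { ...link, realHost, suspicious: reasons.length > 0, reasons };
}

function scanMail(html) {
  return extractLinks(html).map(analyzeLink);
}

// Constructed sample mail body: one instance of each trick, then one honest link.
const SAMPLE_MAIL = `
<p>Click <a href="http://evil.example/logon.pl">http://everything2.com/logon.pl?op=resetpassword</a></p>
<p><a href="http://www.citibank.com%01@evil.example/">http://www.citibank.com</a></p>
<p><a href="http://evil.example/" onmouseover="window.status='http://www.citibank.com/';return true">click here</a></p>
<p><a href="http://everything2.com/">http://everything2.com/</a></p>
`;

for (const r of scanMail(SAMPLE_MAIL)) {
  console.log(r.suspicious ? 'SUSPICIOUS' : 'ok', r.href, r.reasons.join('; '));
}
```

The first three links are reported as suspicious and the last one is clean. The key design point is to let the URL parser decide what the real host is (`url.hostname`) rather than eyeballing the string: the parser puts everything before the `@` into `username`, which is exactly the part a spoofed address bar used to show.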

Update: Servo5678 says the latest IE patch removes user:pass@site.com functionality in order to end crap like this. Unfortunately, there are still lots of unpatched browsers out there....

Source: The Citibank phishing email I just deleted from my inbox ...