a_monk wrote:
> Lately I received a number (phishing) mails from a bank asking for
> confirmation. In the message, there was a URL:
>
> https://www1.royalbank.com/cgi-bin/r...ntSign&LANG=EN
>
> However, when I moved my mouse pointer to the beginning on the URL, at
> the bottom of the screen, it showed the following instead.
>
> http://163.23.70.201/http/www1.royal...tSign&LANG=EN/
>
> First of all, the link seems not using SSL (http instead of https).
> Secondly, when I pinged 163.23.70.201, there was no response.
>
> I hesitate to click on the https:// link.
>
> Could someone help me understand what is it all about? Any info is
> much appreciated.
<a
href="http://this.is/the/real/destination.php">http://can.claim/anything/about/the/link.html</a>
Your problem obviously is that you messed up your mail client to render
HTML content. Very very bad idea.
And since you're abusing MSIE as a webbrowser, I presume your mail client
in Outlook Express or Outlook. That means you'd be even worse off, since
there a various features^W unpatched vulnerabilities which allow the
attacker to fake the displayed URL. You're lucky that this attacker didn't
try.