[LUAU] How Does this Work?
MonMotha
monmotha at indy.rr.com
Thu Apr 29 15:43:55 PDT 2004
R. Scott Belford wrote:
> I recently received, correct that, SpamAssassin filtered the following
> email. Researching it led me to these two links, among many
>
>
> http://www.inertramblings.com/archives/000454.html
>
> http://www.millersmiles.co.uk/identitytheft/011104-citibank-email-scam.php
>
> and I recall hearing of an unpatched IE bug that could lead to a false
> url being displayed. However, using mozilla on osx I was taken to the
> "citibank.com" domain, and it was deceiving. I just don't bank with
> them. Can anyone explain what is happening on a more technical level
> than what I have found so far?
...
> To log into your account, please visit the online banking
> http://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/&M=S&US&_u=visitor
>
...
That link doesn't work for me in mozilla (brings up an error dialog), but the
use of &BVP= is probably a weirdo escape sequence that rewrites .com into some
odd cctld that someone bought up. I've gotten a similar mail, but it was in
HTML. Did we possibly lose something in the HTML to plaintext conversion?
--MonMotha
More information about the LUAU
mailing list