Security - Best (Worst) Link Scam I've Seen Yet
Try one of these links:
If you're running under Mozilla (Firefox and Opera too) you're probably wondering what the fuss is about. But if
you're running Internet Explorer, the results are quite
astonishing.
I found this one in a phishing message that came in today.
Usually when I examine a fake email it's pretty easy to spot the
fake. But in this one the link in the status bar looked
legitimate. The difference in behavior of this link to a standard
one was so small I didn't notice it. Even the sample code was so subtle that it took me a
while to notice what they were doing.
The trick is done by placing a form inside of a hyperlink:
<a href="http://www.google.com">
<form method="get" action="http://www.danappleman.com">
<INPUT style="text-align: left; BORDER-RIGHT: 0pt; BORDER-TOP: 0pt; FONT-SIZE: 10pt;
BORDER-LEFT: 0pt; CURSOR: hand; COLOR: blue; BORDER-BOTTOM: 0pt;
BACKGROUND-COLOR: transparent; TEXT-DECORATION: underline"
type=submit value="http://www.google.com">
</form></a>
The <INPUT> tag is a button for a form. But instead of
appearing like a button, the styles are set to turn it into a
standard looking link (standard, meaning it will match the default
color scheme on most browsers). The text of the button is
www.google.com, and because the entire form is inside of a link,
the browser picks up on www.google.com as the target link. But
when you click on the fake link, it actually uses the action
attribute of the form, sending you to a different site.
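One way to catch this pattern when screening HTML mail, as an added example that is not part of the original post: the parser below flags a form nested inside a hyperlink, and a submit button labelled with a URL, whenever the form's action host differs from the host the reader is shown. The names `FormLinkAudit`, `audit` and `host` are hypothetical, and the sample is the post's snippet with the styles trimmed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host(url):
    """Lower-cased hostname of an absolute URL, or '' if there is none."""
    return (urlsplit((url or "").strip()).hostname or "").lower()

class FormLinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.open_hrefs = []     # href of every <a> that is currently open
        self.form_action = None  # action of the <form> that is currently open
        self.findings = []       # (reason, displayed_host, real_host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.open_hrefs.append(a.get("href"))
        elif tag == "form":
            self.form_action = a.get("action")
            if self.open_hrefs:  # form nested inside a hyperlink
                self._compare("form-inside-link", self.open_hrefs[-1])
        elif tag == "input" and (a.get("type") or "").lower() == "submit":
            if self.form_action is not None:  # button whose label is a URL
                self._compare("url-labelled-submit", a.get("value"))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()
        elif tag == "form":
            self.form_action = None

    def _compare(self, reason, displayed):
        # Report only when both sides are absolute URLs with different hosts.
        shown, real = host(displayed), host(self.form_action)
        if shown and real and shown != real:
            self.findings.append((reason, shown, real))

def audit(html):
    parser = FormLinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the snippet from the post, styles trimmed.
SAMPLE = ('<a href="http://www.google.com"><form method="get" '
          'action="http://www.danappleman.com"><INPUT type=submit '
          'value= http://www.google.com></form></a>')

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Labels without a scheme (for example `www.google.com`) and relative form actions have no parseable host here and are skipped rather than flagged.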
The lesson: NEVER NEVER NEVER click on a link in an
email. Always type in the URL in the address bar of your browser.
Even that's no guarantee if your system is already infected, but
if your system is clean, you'll be in good shape.