[Dshield] CNN?
M Cook
dshieldlists at versateam.com
Mon Oct 15 18:04:12 GMT 2007
Anyone see the mail from CNN about a desktop alerter? It offers a link
to download it:
Download it now!
http://downloadpl.cnn.com/cnn/services/alerter/CNNAlerter.exe
But if you hover over it, the link is actually
http://www.access.cnn.com/xyyabbxx_xzenozx.html
Now I realize this is probably innocent, probably just to implement some
sort of tracking; but don't these folks realize it is the same strategy
used by phishers (list one URL, hide the real one)? Why don't they just
say "click here", or make the text match the linked URL. Wouldn't it be
better if legitimate businesses were straightforward, so only the shady
ones were sneaky? Plus if they want to be really helpful, they'd put it
on an HTTPS page, so the certificate could be validated...
(sorry for the rant)
More information about the list
mailing list