Open redirectors as a tool for scammers

How would you classify the below URL?

http://www.google.com/url?q=http%3A%2F%2Fwww.ebay.com

As belonging to Google or as one belonging to eBay? It leads to eBay.com, but it goes there via Google… Well, how about this one:

http://www.google.com/url?q=http%3A%2F%2Fwww.lindqvist.com/url/?q=http%3A%2F%2Fwww.ebay.com

Horrible, isn’t it? It’s somehow associated with Google, ends up at eBay and it’s not quite clear what the www.lindqvist.com part has to do with it. And it could get worse.

We could obfuscate the lindqvist.com part even more, or let the whole thing pass via some other open URL redirector. Or, if I were a scammer, I could hide the fact that you would pass through some other sites simply by printing the link like http://www.ebay.com

This is what scammers do every day. But they would insert yet another level into their structure: a page of their own, preferably on a bare IP address, looking exactly like the login page of eBay, PayPal, or your Internet bank.
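As an added, defender-side illustration that is not part of the original post: a small Python routine that unwraps a chain of open-redirector URLs offline, by parsing the `q`-style query parameter the examples above use, and reports every host a click would pass through together with the real final destination. A mail filter, or a curious reader, can then compare the visible link text with where the link actually goes. The parameter names other than `q`, the hypothetical scam host `192.0.2.10` (a documentation address) and the sample links are constructed for this example.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Query-parameter names that open redirectors commonly use to carry the target.
# "q" is the one in the post's examples; the others are assumptions for illustration.
REDIRECT_PARAMS = ("q", "url", "u", "redirect", "dest")


def _fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (nested redirects often double-encode)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def _embedded_target(url):
    """Return the URL carried in a redirect parameter of `url`, or None if there is none."""
    params = parse_qs(urlsplit(url).query)
    for name in REDIRECT_PARAMS:
        for raw in params.get(name, []):
            candidate = _fully_unquote(raw)
            if "://" in candidate:
                return candidate
    return None


def unwrap_redirects(url, max_depth=10):
    """Statically follow nested redirector URLs without contacting any server.

    Returns the hosts in the order a click would visit them; the last entry is the
    real destination. A sentinel is appended if nesting exceeds `max_depth`.
    """
    chain = []
    current = url
    for _ in range(max_depth):
        chain.append((urlsplit(current).hostname or "").lower())
        nxt = _embedded_target(current)
        if nxt is None:
            return chain
        current = nxt
    chain.append("<depth limit reached>")
    return chain


def _host_from_display_text(text):
    """Best-effort host named by visible link text ('http://www.ebay.com' or 'www.ebay.com')."""
    text = text.strip()
    if "://" not in text:
        if "." not in text or " " in text:
            return None  # e.g. "click here": the text claims no host at all
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower() or None


def analyse_link(display_text, href):
    """Compare what a link claims (its visible text) with where it really leads."""
    chain = unwrap_redirects(href)
    return {
        "chain": chain,
        "final_host": chain[-1],
        "intermediate_hosts": chain[:-1],
        "text_matches_destination": _host_from_display_text(display_text) == chain[-1],
    }


if __name__ == "__main__":
    # Constructed samples: the two redirector links from the post, plus a hypothetical
    # scam link whose real destination is an IP address (192.0.2.10 is a documentation range).
    samples = [
        ("http://www.ebay.com", "http://www.google.com/url?q=http%3A%2F%2Fwww.ebay.com"),
        ("http://www.ebay.com",
         "http://www.google.com/url?q=http%3A%2F%2Fwww.lindqvist.com/url/?q=http%3A%2F%2Fwww.ebay.com"),
        ("http://www.ebay.com", "http://www.google.com/url?q=http%3A%2F%2F192.0.2.10%2Flogin"),
    ]
    for shown, href in samples:
        print(shown, "->", analyse_link(shown, href))
```

The analysis never fetches anything: it only inspects the query string, so it is safe to run over untrusted mail in bulk. A link whose visible text names the right site but whose chain has intermediate hosts, or whose final host is an IP address, is exactly the pattern described above and is worth flagging even when the displayed text looks harmless.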

There are loads of examples around, but there’s not much good in linking to them, since they crop up, close down, move and crop up again at different addresses each day.

The one thing for you to remember, is to head straight to the site you want to go to, when money is involved. Never trust a mail that looks as if it comes from any financial institution. Never click the links in them, just go to the address you usually use, or click on that bookmark of yours!

Then, it can be even worse

Actually, the matter has become even worse lately, because of the potential risk of DNS injections, more often referred to as ”DNS Cache Poisoning”. You can read a good, and quite comprehensive, description of this at

http://www.securityfocus.com/guest/17905

The big problem is that Microsoft’s NT4 servers are one of the potential targets for this type of attack. And just what kind of servers are often used for local DNS services at medium-sized companies? Here’s Microsoft’s own how-to on how to avoid this:

http://support.microsoft.com/default.aspx?scid=kb;en-us;241352

So, add a bit of DNS cache poisoning to the URL redirectors at the top of this page and you end up in a situation where you can never actually be quite sure where you are on the web…

A pessimistic thought to start off a week, for sure.