Sunday, 28 December 2003
Scam exploits IE URL spoof vulnerability
It was only a matter of time before someone exploited the Internet Explorer URL spoof vulnerability. (As Xeni Jardin points out, Microsoft has yet to issue a fix.) This particular scam involves an email that purports to be from PayPal and includes a link that appears to take the unwary reader to PayPal's web site, where he is asked to "verify" his account information. The users is really taken to http://www.epack.ch/p/verify.htm, which looks like a legitimate PayPal page and which the scammer thoughtfully induced IE to make it look like it is hosted at PayPal.