RE: [Full-disclosure] Re: Google + Amazon fun scam

If anything, it's probably best suited (and even then,
not very well) to steal authentication information for
Google Services by replicating a login page. Still a

ad@xxxxxxxxxxxxxxxx wrote:

If i remember I saw on this list a post wich was
warning about faking
scam links within domain.
I got this scam today:


wich is pretty easy to discover but I have tried a
variant wich the
scammer probably forgot to use to grow his fooling




This is the exact same vuln really, calling it a
variant seems to be slightly exaggerated.

should be nasty to scam google services or anything
other via this
way. the scammer will hide its domain + "steal" domain.

The scammer will do no such thing, that's a very
ordinary redirect and the browser's address bar will
show the scammer's domain and have nothing to do with
google. You should have tried it out before you said
this! Here's a couple of safe examples for you to try
and see for yourself that it hides nothing and steals

I don't think this is much use for a scam; sure, it
can to hide the real destination address, but it
doesn't let you replace it with a bogus one, and
besides, if you get an email from your bank telling
you to update your account but the link says, isn't that /more/ likely to make people
suspicious and less likely to fool them then if it
just had a domain name in plain text that was just
very-similar-but-not-quite-the-same as the real bank

Can't think of a witty .sigline today....

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -