On Tue, Nov 21, 2006 at 07:15:06PM +0100, Philip Newton wrote:
> On 11/21/06, Gary Shannon <[log in to unmask]> wrote:
> >If it says ANYTHING else, like
> >"http://56.24.19..../.../paypal/signin/...." If there is ANYTHING
> >before the first appearance of "paypal" in the URL, especially a
> >string of numbers, then it is NOT the real PayPal site you are being
> >directed to.
> Also, if there is anything but "/" AFTER the first occurrence of
> "" in the link, especially a ":", an "@" or a ".", then it's
> not the real site (bad examples:
>[log in to unmask],
> http:[log in to unmask],
>; good example:

Caveat: all of the above are correct, but not sufficient: depending on
what you use to read your mail, you may or may not be able to tell
what's the real address being linked to. I've actually seen spam
containing Javascript that cloaks the real address (to a fraudulent
site) and substitutes a legitimate one in its place visually.  A similar
trick is then employed on the fraudulent site to make it appear as
though it were legitimate.

Therefore, I say that you should NOT click on any link inside the email
itself, but go directly to the institution in question (from a bookmark
or by typing the address manually) and go from there. If the message is
legitimate, it should show up when you log in to the real site.


If you compete with slaves, you become a slave. -- Norbert Wiener