Just discovered that you can abuse the seldom-used @ syntax for passing user/pass combos into URLs to make your domain look to the untrained eye like it lives elsewhere than it does. e.g.:
http://www.nytimes.com@blog.birdhouse.org/
The browser simply ignores everything prior to the @ sign and carries on. Which means an unscrupulous soul can copy a template from any site, populate it with any content they like, and pass out a URL that will fool many viewers.
I’m not interested in doing this, mind you. Merely a technical curiosity.
Music: James Chance & The Contortions :: Jaded
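For anyone who wants to check links for this trick, here is an added example (not part of the original post) that uses the standard WHATWG `URL` parser found in browsers and Node.js to show where a link really goes. The parser files everything before the @ under `username`, and the example flags URLs whose username is shaped like a domain name. The `inspectUrl` and `safeDecode` names and the "looks like a hostname" pattern are assumptions made for this sketch.

```javascript
// Added example. Flags links whose userinfo (the text before "@") is
// dressed up as a hostname, using the standard WHATWG URL parser.

// Assumption: "looks like a hostname" means dot-separated labels
// ending in an alphabetic TLD.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// url.username is percent-encoded; decode it, tolerating bad escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { raw, valid: false, hasUserinfo: false, suspicious: false };
  }
  const userinfo = safeDecode(url.username);
  const hasUserinfo = url.username !== "" || url.password !== "";
  return {
    raw,
    valid: true,
    realHost: url.hostname, // the host the request actually goes to
    userinfo,               // what the reader's eye lands on first
    hasUserinfo,
    suspicious: HOSTLIKE.test(userinfo) && userinfo.toLowerCase() !== url.hostname,
  };
}

const samples = [
  "http://www.nytimes.com@blog.birdhouse.org/", // from the post
  "https://example.org/articles/1",             // constructed
  "ftp://alice:secret@files.example.org/",      // constructed
];

for (const s of samples) {
  const r = inspectUrl(s);
  const verdict = r.suspicious ? "SUSPICIOUS" : r.hasUserinfo ? "has credentials" : "ok";
  console.log(`${verdict.padEnd(16)} real host: ${r.realHost}  <- ${s}`);
}
```

A mail filter or link preview can show `realHost` next to the link text, so the reader sees the destination instead of the decoy.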
This has been around for a while, and of course the scammers were the first to use it. Use one of these URLs to spoof PayPal, create a “real target” that looks remarkably like the PayPal site asking someone to reconfirm their account information, get one or two noobs to bite, and voila: Instant Credit Card #s.
plus Address, SSN, ATM Card# and PIN.
I find it amazing that people still fall for it – the query for SSN and/or ATM PIN should raise all kinds of red flags.