Today, I got a phishing email using a Yahoo redirection. People who claim redirection isn’t a problem read on. Indeed, the URL also uses Dword encoding to further make the URL obfuscated. Here’s the URL:

http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=1138544186/**http%3a//1115019674/www.paypal.com/us/webscr.php?cmd=_login-run

Notice the Dword there? 1115019674 That translates to 66.117.217.154:

OrgName: Fuse Internet Access
OrgID: FIAI
Address: 209 W. Seventh St.
Address: MS 121-550
City: Cincinnati
StateProv: OH
PostalCode: 45202
Country: US

How someone could ever figure out what that URL was without clicking on it who wasn’t already familiar with phishing schemes, I’ll never know. Phishing is partly social engineering, and my trust in Yahoo is what makes me think, “Sure, I believe that Yahoo could theoretically have some arrangement with other companies to redirect traffic.” The fact that mega companies with known brands have these holes makes this a big problem.

This entry was posted on Saturday, July 29th, 2006 at 4:15 pm and is filed under Phishing. You can leave a response as well.