MSIE 6 phishing exploit

A bogus link, suitably disguised as a link to Paypal, appeared in today's email. It exploits the fact that MSIE 6 is a cornucopia of obscure functions just waiting for somebody to use it for evil gain. I keep my MSIE and Windows XP configuration updated with all the latest security patches, but this is no defence against this type of phishing scams.

When I clicked it in MSIE 6, I was treated to the following screen:


Notice that the URL in address field tells you that you are supposed to be on on a secure PayPal page. But you are not. The phishermans page hides the address field (which shows http://johnsonseeds.com/paypal/redirect.php when you unhide it), and substitutes a dummy address field.

Sure, for those who know what look for , there are some signs that this is a fake: The padlock that is supposed to tell you you are on a secure page, is missing, some graphics have dead links, and the font in the address field is not right. But overall, this is a very convincing replica of a PayPal login page.

Don't be bitten: never trust a link you receive through email.