Yes, the clincher in that URL is the %00@ part. That bit means that the URL after the symbols is the real host, and is simply passing itself off as the URL before it. IE for Windows hides everything after those symbols, so people who get those emails think it's legitimate, which it wouldn't be anyway if it's asking for your PIN number.
There was an article in the Currents (read: Tuesday Life) section of our paper yesterday about this very kind of scandal, called phishing. The guy got an email purporting to be from Citibank asking for verification of his email address. Fortunately, he was smart enough to recognize the signs of fraud, but many others aren't so lucky.
__________________
System:
• 2.5 GHz MacBook Pro Core 2 Duo, 4 GB RAM, 200 GB hard drive, runs 10.5.4
• 1.6 GHz iMac G5, 1.5 GB RAM, 250 GB hard drive, runs 10.4.11
• iPhone, 4 GB, OS X 2.0.2
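
A mail-filter style check for the `%00@` pattern discussed in the post above, as an added example that is not part of the original post. The function names, the sample message, and the hosts `www.bank.example` and `192.0.2.10` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Matches http(s) links in message text (simplified for this example).
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Userinfo that starts like a host name, e.g. "www.bank.example".
HOSTLIKE_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+", re.IGNORECASE)

# Constructed sample message: the first link hides its real host behind "%00@".
SAMPLE = (
    "Please verify your account: "
    "http://www.bank.example%00@192.0.2.10/verify.html\n"
    "Our normal site is https://www.bank.example/login\n"
)

def inspect_url(url):
    """Return (real_host, decoy, reasons) for one URL."""
    parts = urlsplit(url)
    reasons = []
    if "@" not in parts.netloc:
        return parts.hostname, None, reasons
    # Everything before the last "@" is userinfo, not the host.
    raw_userinfo = parts.netloc.rpartition("@")[0]
    decoded = unquote(raw_userinfo)
    reasons.append("userinfo-present")
    # An encoded NUL or other control character can truncate what is displayed.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        reasons.append("control-char-in-userinfo")
    # Userinfo shaped like a domain is a decoy, not a login name.
    if HOSTLIKE_RE.match(decoded):
        reasons.append("userinfo-looks-like-host")
    decoy = "".join(c for c in decoded if c.isprintable())
    return parts.hostname, decoy, reasons

def scan_message(text):
    """Return one finding per link whose authority carries userinfo."""
    findings = []
    for url in URL_RE.findall(text):
        host, decoy, reasons = inspect_url(url)
        if reasons:
            findings.append({"url": url, "real_host": host,
                             "decoy": decoy, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```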