In Eudora, when the cursor is held above a link that is expressed not
in words but in url form, http:// form or www. form, and the
hypertext does not match the text, a bubble appears that points this
out, that warns the reader that clicking on the link will open a url
different from what it says.
Is this an unusual feature? Or do other readers, like OE, O,
Thunderbird, Netscape, etc. also have this feature?
Don't large email senders, even small ones, know about this, and know
that they will look shady if they do what spammers and phishers do?
For example, I got an email today that appears to be from American
Airlines. It uses their logo. :) It's addressed to me at my primary
email address which I rarely use anymore, except places where I don't
include my real name, but this email also has my real first and last
names, but which I may well have used 15 years ago when American first
asked for an email address. They know my real name of course because
I paid for the ticket with a real credit card.
It also includes an AAdvantage® Number, that is very similar or
identical to mine. Who can remember 7 characters!
The email suggests I use Secure Flight, which will somewhat speed my
way through security when I fly, by giving them my full name, date of
birth, gender (sex) and redress number (if applicable). I already
know that airlines want date of birth now. It says for details, visit
www.aa.com/secureflight , (to prov but when the cursor is above that
url-like thing, a bubble appears that says "The actual host
(link.aa.com/XC....) is different from the host
www.aa.com/secureflight in the link text." Now, link.aa.com might
also be American Airlines, in fact I'm sure it is, but don't they know
it looks suspicious when the urls don't match?
Below that it says "For more information, visit www.dhs.gov/trip ."
but that link really starts link.aa.com/.... All the links at the
bottom that use names instead of urls, like Unsubscribe, View Privacy
policy, all use addresses that start with link.aa.com. Even if one
hand does not know what the other hand is doing, how come the second
hand doesn't know what to do?
> Do legitimate organizations ever use incorrectly named,
> apparently fraudulent links in their emails?
They may be doing something which is not in the least malicious.
> It says: for details, visit www.aa.com/secureflight
> [but the link is actually to]: link.aa.com/XC...
Companies always want to know the specific user who clicked
(and probably even the specific mailing you respond to,
or even what part of the entire message you finally clicked on!)
Every time I click a simple URL in even a plain text mail message
displayed in Gmail, or to go to a specific news story
displayed on news.google.com, for example,
the actual destination of my click
is not to the URL displayed on my screen, but is instead
to a Google server which records every "click through"
before actually then re-directing to the URL
which had appeared on the screen.
Each "invisible" URL contains a long code which,
directly or indirectly, identifies all of the information
that they want to know about my click,
before finally sending me onward
to the place that had actually been displayed.
Not even my web browser "bubble" shows this,
because Google's javascript
actually participates in the concealment of this fact!
Does this mean that Google is defrauding me?
It is a very common and usual practice.
"link.aa.com" is, after all,
in the same "aa.com" domain as "www.aa.com"
However, "security.paypal.com.blackbeard.the.pirate.ws"
is _not_ in the same domain as "paypal.com,"
nor is "172.16.123.123/paypal.com" Etc.
People handling money are often trained a bit,
to detect signs of counterfeiting;
we also need a bit of training to judge properly
whether URLs are reasonable or are malicious,
which simple software often doesn't judge well.
--
For the ones that aren't obviously scams, I always
copy the actual URL into a browser rather than clicking
on the link in Eudora. MUCH Safer.
Stan
>On Thu, 12 Nov 2009 12:52:26 -0500, mm <NOPSAM...@bigfoot.com>
>declaimed the following in comp.mail.eudora.ms-windows:
>
>
>> Below that it says "For more information, visit www.dhs.gov/trip ."
>> but that link really starts link.aa.com/.... All the links at the
>> bottom that use names instead of urls, like Unsubscribe, View Privacy
>> policy, all use addresses that start with link.aa.com. Even if one
>> hand does not know what the other hand is doing, how come the second
>> hand doesn't know what to do?
>
> Sounds like they are using one server (host) just to handle the
>click-throughs, and THAT server then extracts the actual target URL from
>the query strings (which may be configured to also send some identifier
>of who is doing the click-through).
Thanks all. This one had enough info, my full name and my AAdvantage
number, for which I'm sure the first 3 characters were right, and I
had done business with them before, that I'm sure it's them, but when
other emails do this, it looks suspicious and I just delete them.
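
An added example, not part of any post in this thread and not Eudora's own code: a sketch of the check discussed above, comparing the host in URL-like link text with the host the link really points to, and separating a same-domain tracking host (link.aa.com vs www.aa.com) from a different domain. The function names, the placeholder tracking path and the last-two-labels domain rule are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Host of a URL or URL-like string such as 'www.aa.com/secureflight'."""
    url = text if "://" in text else "http://" + text
    return (urlsplit(url).hostname or "").lower()

def site_of(host):
    """Naive registrable domain: last two labels (assumed; real code needs the PSL)."""
    try:
        return str(ipaddress.ip_address(host))  # IP literal: no parent domain
    except ValueError:
        return ".".join(host.split(".")[-2:])

def classify(shown, href):
    """Verdict for one link: visible text versus the real target."""
    if not shown.lower().startswith(("http://", "https://", "www.")):
        return "text-not-url"  # "Unsubscribe" etc.: nothing to compare
    a, b = host_of(shown), host_of(href)
    if a == b:
        return "same-host"
    return "same-domain" if site_of(a) == site_of(b) else "different-domain"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.results = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = self.text.strip()
            self.results.append((shown, classify(shown, self.href)))
            self.href = None

def audit(html):  # [(visible text, verdict), ...] for each <a> in an HTML body
    parser = LinkAudit()
    parser.feed(html)
    return parser.results

# Constructed sample: hosts as quoted in the thread, tracking path made up.
SAMPLE = """<a href="http://link.aa.com/PLACEHOLDER">www.aa.com/secureflight</a>
<a href="http://link.aa.com/PLACEHOLDER">Unsubscribe</a>
<a href="http://security.paypal.com.blackbeard.the.pirate.ws/">www.paypal.com</a>
<a href="http://172.16.123.123/paypal.com">http://paypal.com</a>"""
```

Calling `audit(SAMPLE)` returns one verdict per link; a mail filter would typically tolerate `same-domain` and flag `different-domain`.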