Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Recently, I received an E-Mail which looked a lot like a phishing attempt. It contained a link to sign in to "paypal.com", but when hovering over the link, it was revealed to be something like "https://epl.paypal-communication.com/T/ve3648d90e0f976ec10e4.... Really stupid idea to make users believe that "https://random.paypal-suffix.com" might be legit. I wonder why domains like "paypal-comunication.com" are not registered for nefarious purposes yet.


Here's a sample of different "clickable" URLS you can find in an email from the NSLSC, the Canadian student loans department:

  click.csnpenslsc.ca
  csnpe-nslsc.cibletudes-canlearn.ca
  nslsc.ca
  app.studentlending.ca
  protege-secure.csnpe-nslsc.canada.ca
Important to note that this is a department that manages tens to hundreds of thousands in loans per user, asked users to recreate an account multiple times, on a variety of domains, by providing critical personal info (including SIN), and sent threatening notices demanding payment for nebulous charges that later resolved themselves.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: