I received this email today:

>To: barticus@worldnet.att.net
>Subject: SendMoneyNow Order #4833.Fraud Alert.
>
>Fraud transaction alert.
>
>Dear customer,
>
>Send Money Now is a global leader in online money transfer services, with a history of pioneering service dating back more than 5 years.
>
>Recently, we have received an order for money transfer services in amount of $373.56 paid by using your debit card.
>Our Fraud Department has suspended this order due to high probability of fraud.
>
>In security purposes, the order can be approved or declined only by the real cardholder.
>Please, follow the link below to resolve this matter:
>
>http://send-money-now.com/order_verify.cgi?f9skk
>
>Sorry for the inconvenience and thanks for your understanding.
>
>Sincerely,
>Send Money Now Security Team

This is a twist on the usual scam. Usually, the apparent domain is a well-known
company I do business with, but not only have I never heard of
send-money-now.com, a WHOIS says the domain is not registered. The other
twist is that rather than asking me to complete a transaction which had a
problem, this email invites me to fight fraudulent use of my account.
After all, everyone has heard to watch out for online fraud, so obviously
I need to reply to this to "protect" myself.

It gets weirder. A brilliant part of this con is that it looks like a
plain text message with the URL highlighted because the email program
recognizes it as a URL. In reality it's HTML and the apparent URL is
actually the link text for another URL. In this case the real URL appears
to be sendmoneynow.com. That domain exists, but is not in use. It just
says "The business sendmoneynow.com does not exist. Any email regarding
business at sendmoneynow.com is fake and is not authorized by the owner of
this domain name."

The real URL starts with "sendmoneynow.com:" followed by a bunch of
garbage characters, then "@" and an IP address. It's just like an email
address: the part before the @ is a username (in theory) and the part
after the @ is the server name (or number). This is a serious security
flaw in the HTTP protocol, because it gives the user the sense that they
are somewhere they are not. I am sure that someone somewhere is using
this feature for its intended purpose, but it is mostly used for
deception.

Browsers should warn the user whenever they go to a URL with an @ sign
before the server name. There should then be the option to add the domain
or IP address to a list of trusted servers where the user really uses the
http://user@server feature.
--
RB |\ © Randall Bart
aa |/ admin@RandallBart.spam.com Barticus@att.spam.net
nr |\ Please reply without spam I LOVE YOU 1-917-715-0831
dt ||\ They're Murdering Terri Schiavo http://www.terrisfight.org
a |/ Multiple sclerosis: http://www.cbc.ca/webone/alison/
l |\ DOT-HS-808-065 The Church Of The Unauthorized Truth:
l |/ MS^7=6/28/107 http://yg.cotut.com mailto:s@cotut.com
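The trick described in the post (a link whose visible text is one URL while the href uses `user@host` syntax to land on an IP address) can be checked mechanically. The following is an added example, not code from the original post or from any mail client: it uses Node's built-in WHATWG `URL` parser to pull the real host out of such a link, flags hrefs whose "username" is really an impersonated domain, compares the displayed URL against where the href actually goes, and implements the post's proposed browser warning with a caller-supplied list of trusted hosts. The HTML fragment, the password-like garbage string and the `198.51.100.7` address (an RFC 5737 documentation IP) are all constructed for the example.

```javascript
// Added example (not from the original post): detect the "user@host" URL trick and
// link-text/href mismatches in an HTML e-mail. Uses Node's global WHATWG URL class.
// The sample message below is constructed; 198.51.100.7 is a documentation address.

const SAMPLE_HTML =
  "Please, follow the link below to resolve this matter:<br>" +
  '<a href="http://sendmoneynow.com:f9skk8d7x@198.51.100.7/order_verify.cgi?f9skk">' +
  "http://send-money-now.com/order_verify.cgi?f9skk</a>" +
  ' and <a href="http://admin@intranet.example/status">the intranet status page</a>';

// Analyse one URL: where it really goes, and whether the userinfo part
// (everything before "@") is being used to impersonate a host name.
function analyzeUrl(raw) {
  const u = new URL(raw);
  const userinfo = u.username + (u.password ? ":" + u.password : "");
  const hasUserinfo = userinfo.length > 0;
  // A "username" that looks like a host name (dotted labels of host characters)
  // is the signature of the deception described in the post.
  const usernameLooksLikeHost = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(u.username);
  const ipLiteralHost = /^\d{1,3}(\.\d{1,3}){3}$/.test(u.hostname);
  return {
    realHost: u.hostname,
    userinfo,
    hasUserinfo,
    usernameLooksLikeHost,
    ipLiteralHost,
    suspicious: hasUserinfo && (usernameLooksLikeHost || ipLiteralHost),
  };
}

// The post's proposal: warn on any URL with userinfo unless the real host is on
// a user-maintained list of servers where http://user@server is genuinely used.
function shouldWarn(raw, trustedHosts = new Set()) {
  const info = analyzeUrl(raw);
  return info.hasUserinfo && !trustedHosts.has(info.realHost);
}

// Extract <a href="...">text</a> pairs from an HTML fragment (simple regex,
// adequate for a mail body; not a full HTML parser).
function extractLinks(html) {
  const re = /<a\s[^>]*href=["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const links = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    links.push({ href: m[1], text: m[2].replace(/<[^>]+>/g, "").trim() });
  }
  return links;
}

// Flag links whose visible text is itself a URL naming a different host than the
// href really resolves to, plus any href that uses the userinfo trick.
function findDeceptiveLinks(html) {
  const findings = [];
  for (const link of extractLinks(html)) {
    const target = analyzeUrl(link.href);
    let displayedHost = null;
    try {
      displayedHost = new URL(link.text).hostname; // link text that is not a URL throws
    } catch (_) {
      displayedHost = null;
    }
    const hostMismatch = displayedHost !== null && displayedHost !== target.realHost;
    if (hostMismatch || target.suspicious) {
      findings.push({ href: link.href, displayedHost, hostMismatch, ...target });
    }
  }
  return findings;
}

// Stand-alone demo over the constructed message.
for (const f of findDeceptiveLinks(SAMPLE_HTML)) {
  console.log(`displayed ${f.displayedHost} -> actually ${f.realHost} (userinfo "${f.userinfo}")`);
}
console.log("warn on intranet link:", shouldWarn("http://admin@intranet.example/status"));
console.log("warn when trusted:", shouldWarn("http://admin@intranet.example/status", new Set(["intranet.example"])));
```

Two things worth noting from running it: the legitimate `admin@intranet.example` link is reported as having userinfo but is not marked suspicious, because its username is a plain word and its host is a name rather than an IP literal, so the trusted-list check is what decides whether to warn there; and the scam link fails every test at once (host-looking username, IP-literal host, and a displayed host that does not match the real one), which is the combination the post describes.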