Interesting. When I clicked on the link from home
and in Firefox, Google came up with a search page
saying that it was an invalid address. Today I pull
up the same message, click on the link, and this is
what I get:
The site you are looking for is closed, due to
non-ethical and/or abusive activity.
Wow! That's a first for me! I've never seen a
take-down notice like that. Almost gives you the warm
fuzzies if you didn't know what a .RU top level domain
means. (that's Russia for those who don't know)
When I went to forward this message for this LJ post,
I got a bit of a surprise. Remember my mention of
seeing what I thought of as Unicode? Well, I was off
slightly. As you'll see in the message below, there
are tons of #8328 and #8236 in the message. If I
recall correctly, this is the HTML method to display
characters not in the normal keyboard character set, I
would welcome clarification as I'm not quite the HTML
expert that I'd like to be. Anyway, the thing that
I'm curious about is whether or not this was a
deliberate attempt to obfuscate a pfishing email or if
it had something to do with the message originating
from Russia.
--- "Barclays" <gx1wtbnfdw@yahoo.com>
wrote:
Date: Tue, 29 Mar 2005 03:44:52 -0800 (PST)
From: "Barclays"
<gx1wtbnfdw@yahoo.com>
Subject: Bcralays Emlia
Verifitacion
To: XXXXXXXXXX@yahoo.com (not me, they BCCd almost
all of the message recipients)
D#8238;rae#8236; B#8238;lcra#8236;ays
M#8238;me#8236;ber,
T#8238;sih#8236; e#8238;liam#8236; was
s#8238;ne#8236;t by the Barc#8238;yal#8236;s
ser#8238;rev#8236; to ve#8238;yfir#8236;
y#8238;uo#8236;r em#8238;ia#8236;l
a#8238;erdd#8236;ss. You m#8238;su#8236;t
com#8238;telp#8236;e t#8238;ih#8236;s
p#8238;or#8236;cess by c#8238;nikcil#8236;g on the
l#8238;kni#8236; be#8238;ol#8236;w and
enteri#8238;gn#8236; in the sm#8238;la#8236;l
win#8238;wod#8236; y#8238;ruo#8236;
Barc#8238;syal#8236; Me#8238;hsrebm#8236;ip
nu#8238;bm#8236;er, passcode and memo#8238;ar#8236;ble
w#8238;ro#8236;d. T#8238;sih#8236; is d#8238;eno#8236;
for yo#8238;ru#8236; protec#8238;noit#8236; -
b#8238;esuace#8236; s#8238;emo#8236; of our
me#8238;srebm#8236; no lo#8238;regn#8236;
h#8238;va#8236;e a#8238;secc#8236;s to
th#8238;rie#8236; ema#8238;li#8236;
a#8238;erdd#8236;sses and we m#8238;tsu#8236;
v#8238;yfire#8236; it. To ve#8238;fir#8236;y
y#8238;uo#8236;r e#8238;iam#8236;l a#8238;serdd#8236;s
and a#8238;secc#8236;s y#8238;ruo#8236;
b#8238;na#8236;k accou#8238;tn#8236; ,
c#8238;cil#8236;k on the l#8238;kni#8236; be#8238;wol#8236;:
and in Firefox, Google came up with a search page
saying that it was an invalid address. Today I pull
up the same message, click on the link, and this is
what I get:
The site you are looking for is closed, due to
non-ethical and/or abusive activity.
Wow! That's a first for me! I've never seen a
take-down notice like that. Almost gives you the warm
fuzzies if you didn't know what a .RU top level domain
means. (that's Russia for those who don't know)
When I went to forward this message for this LJ post,
I got a bit of a surprise. Remember my mention of
seeing what I thought of as Unicode? Well, I was off
slightly. As you'll see in the message below, there
are tons of #8328 and #8236 in the message. If I
recall correctly, this is the HTML method to display
characters not in the normal keyboard character set, I
would welcome clarification as I'm not quite the HTML
expert that I'd like to be. Anyway, the thing that
I'm curious about is whether or not this was a
deliberate attempt to obfuscate a pfishing email or if
it had something to do with the message originating
from Russia.
--- "Barclays" <gx1wtbnfdw@yahoo.com>
wrote:
Date: Tue, 29 Mar 2005 03:44:52 -0800 (PST)
From: "Barclays"
<gx1wtbnfdw@yahoo.com>
Subject: Bcralays Emlia
Verifitacion
To: XXXXXXXXXX@yahoo.com (not me, they BCCd almost
all of the message recipients)
D#8238;rae#8236; B#8238;lcra#8236;ays
M#8238;me#8236;ber,
T#8238;sih#8236; e#8238;liam#8236; was
s#8238;ne#8236;t by the Barc#8238;yal#8236;s
ser#8238;rev#8236; to ve#8238;yfir#8236;
y#8238;uo#8236;r em#8238;ia#8236;l
a#8238;erdd#8236;ss. You m#8238;su#8236;t
com#8238;telp#8236;e t#8238;ih#8236;s
p#8238;or#8236;cess by c#8238;nikcil#8236;g on the
l#8238;kni#8236; be#8238;ol#8236;w and
enteri#8238;gn#8236; in the sm#8238;la#8236;l
win#8238;wod#8236; y#8238;ruo#8236;
Barc#8238;syal#8236; Me#8238;hsrebm#8236;ip
nu#8238;bm#8236;er, passcode and memo#8238;ar#8236;ble
w#8238;ro#8236;d. T#8238;sih#8236; is d#8238;eno#8236;
for yo#8238;ru#8236; protec#8238;noit#8236; -
b#8238;esuace#8236; s#8238;emo#8236; of our
me#8238;srebm#8236; no lo#8238;regn#8236;
h#8238;va#8236;e a#8238;secc#8236;s to
th#8238;rie#8236; ema#8238;li#8236;
a#8238;erdd#8236;sses and we m#8238;tsu#8236;
v#8238;yfire#8236; it. To ve#8238;fir#8236;y
y#8238;uo#8236;r e#8238;iam#8236;l a#8238;serdd#8236;s
and a#8238;secc#8236;s y#8238;ruo#8236;
b#8238;na#8236;k accou#8238;tn#8236; ,
c#8238;cil#8236;k on the l#8238;kni#8236; be#8238;wol#8236;: