javascript trickery masks evil URLs

Yes… hover and check…

If you are like me, “hover over the link and read the URL before you click” is a basic piece of advice you give to people who want to know how to avoid malicious links in web pages and emails.  Well, it looks like a little bit of Javascript trickery can be used to make malicious links look benign until they are clicked.  While email clients like Outlook will not execute Javascript in messages, links in web applications or webmail accounts could be disguised in this way.  Sounds like we need a browser based fix to combat this – it is possible, since Opera apparently is not fooled by this behavior.

Leave a Reply