Worst Phisher Ever

I get the feeling this scammer doesn't quite understand how phishing is supposed to work. I almost feel sorry for him.

Update:
Holy Crap! I guess this phisher is way more clever than I gave him credit for. When viewed in Firefox, the text below is completely scrambled. In IE, it appears normal. I'm not sure why that is, but looking at the HTML it looks like it's exploiting some flaw in IE. It even makes it all the way through Bloglines (my RSS aggregator) like that: scrambled in Firefox, normal in IE.

Update 2:
This appears to be a new exploit, and quite clever too. Ned has written a detailed analysis. That's the last time I almost feel sorry for a scammer.

----------
Date: Fri, 8 Apr 2005 11:00:57 -0700 (PDT)
From:"Ba޶rcl޺ays" <bm11li0x0d@yahoo.com>
Subject: Ba‮yalcr‬s E‮am‬il Verif‮itaci‬on

De‮ra‬ B‮cra‬lays Me‮rebm‬,


T‮sih‬ e‮am‬il was se‮tn‬ by the Ba‮lcr‬ays s‮vre‬er to v‮ire‬fy y‮ruo‬
e‮am‬il ad‮sserd‬. You m‮tsu‬ com‮elp‬te t‮sih‬ proc‮se‬s by c‮il‬cking
on
the l‮kni‬ b‮wole‬ and ente‮gnir‬ in the s‮am‬ll wi‮wodn‬ y‮ruo‬
B‮alcra‬ys M‮bme‬ership n‮ebmu‬r, pa‮edocss‬ and m‮barome‬le w‮ro‬d.
T‮sih‬
is d‮eno‬ for y‮uo‬r pro‮tcet‬ion - b‮ace‬use s‮emo‬ of our memb‮re‬s
no l‮regno‬ h‮va‬e a‮secc‬s to t‮eh‬ir e‮liam‬ a‮sserdd‬es and
we
m‮tsu‬ ver‮yfi‬ it. To ve‮fir‬y y‮ruo‬ e‮liam‬ a‮rdd‬ess and acc‮sse‬ y‮ruo‬ ba‮kn‬ ac‮oc‬unt , cl‮kci‬ on the l‮kni‬ bel‮wo‬:
http://www.barclays.com/?Mb2TvaN32E5_JA7oxSaOmBrBq3TBeLqHTRluSoDl_Wn_K_oZFTuQHFZIXGI5x8NTGos5qlp

Posted April 8, 2005 2:22 PM

Comments

If that's for real, wow. And here I thought that phishing was getting more and more sophisticated *stunned*.

I just wish I got ones as interesting as that ;)

Eric Burnett

Eric Burnett, April 9, 2005 12:56 AM

It's for real. I was just as surprised as you, but I guess I shouldn't be; using a computer doesn't make criminals any smarter. I picture a guy somewhere feeling smug that his phishing scam is able to get past the spam filters, and is eagerly awaiting all the stolen passwords that must be on their way.

Damien, April 9, 2005 10:02 AM

They're doing some very sophisticated stuff to get past spam blockers!

Unicode has "characters" that specify right-to-left or left-to-right rendering. His text switches directions every few characters so that IE will display it properly, but spam filters, even those which know to ignore non-printing Unicode characters, will see gibberish. Looks like Mozilla doesn't properly interpret the directional controls.

Very impressive....

Ned Batchelder, April 9, 2005 1:36 PM
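
The filtering gap described in the comment above, as an added example that is not part of the original post or its comments: a Python sketch that recovers the text a bidi-aware renderer displays and lists keywords a control-stripping filter would miss. It assumes the invisible characters are U+202E (right-to-left override) closed by U+202C, that the visible text is left-to-right script only, and that input is one line at a time. The function names are hypothetical, and this is a simplification of the Unicode bidirectional algorithm, not a full implementation.

```python
RLO, LRO, PDF = "\u202e", "\u202d", "\u202c"
# Other directional formatting characters: removed, not interpreted here.
OTHER = set("\u200e\u200f\u202a\u202b\u2066\u2067\u2068\u2069")


def visual_order(line):
    """Return (text as displayed, number of override characters seen)."""
    stack = [(False, [])]          # frames of (reversed?, pieces)
    overrides = 0

    def close():
        rev, pieces = stack.pop()
        # A closed run is kept as one piece so an enclosing run moves it whole.
        stack[-1][1].append("".join(reversed(pieces) if rev else pieces))

    for ch in line:
        if ch in (RLO, LRO):
            overrides += 1
            stack.append((ch == RLO, []))
        elif ch == PDF:
            if len(stack) > 1:     # ignore a stray terminator
                close()
        elif ch not in OTHER:
            stack[-1][1].append(ch)
    while len(stack) > 1:          # an unclosed override runs to end of line
        close()
    return "".join(stack[0][1]), overrides


def strip_controls(line):
    """What a filter sees if it only deletes the invisible characters."""
    return "".join(c for c in line if c not in OTHER and c not in (RLO, LRO, PDF))


def hidden_keywords(line, keywords):
    """Keywords visible to the reader but absent from the stripped text."""
    shown = visual_order(line)[0].lower()
    raw = strip_controls(line).lower()
    return [k for k in keywords if k in shown and k not in raw]


# Constructed sample modelled on the subject line of the message above;
# the exact code points are an assumption.
SUBJECT = "Ba\u202eyalcr\u202cs E\u202eam\u202cil Verif\u202eitaci\u202con"

if __name__ == "__main__":
    print(visual_order(SUBJECT))
    print(strip_controls(SUBJECT))
    print(hidden_keywords(SUBJECT, ["barclays", "verification"]))
```

A filter that matches keywords on the `visual_order` output as well as on the raw text closes the gap, and a high override count in a Latin-script message is a useful signal on its own.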

I've put more details on my blog: http://www.nedbatchelder.com/blog/20050409T155246.html

Ned Batchelder, April 9, 2005 4:56 PM

Well, fooled me. That's a neat trick though... gotta love it how all the best things are created by people trying to screw you over. But such is the way of the internet, I guess.

Eric Burnett, April 10, 2005 9:25 PM

Not to mention that it links to a possible IE exploited URL:

http://%09%6e0%68fr2%6d%2e%09%64%[1.%72%55/

That actually looks like this to IE when unencoded:

http:// n0hfr2m. d%[1.rU/

Even though it looks like a legit URL (except for the mumbo jumbo in the query string - the stuff after the question mark).

etM, June 10, 2005 11:01 AM
