|
|
|
|
|
|
by jerf
807 days ago
|
|
|
I infer that the display was getting rewritten, but the underlying target of the link would not. So if you posted "carfatwitter.com", the UI would display "carfax.com" but the underlying link would still go to "carfatwitter.com". Note I have no direct experience with this, it's just the only way this makes sense as a phishing vector. The alternative is that it is being presented as a phishing vector, but was never actually useful as such, and people are just jumping up to yell about a security issue without it actually being one. That happens too. |
|
|