• On The Insider: Britney's Bikini-Clad Top 10
October 28, 2007 4:36 PM PDT

Test your e-mail program

by Michael Horowitz
  • Font size
  • Print
  • 3 comments

My last posting, Defending against a phishing e-mail message, described a JavaScript trick bad guys use to make a link appear to go one place when it really goes somewhere else.

So you can test if your e-mail program (or Webmail system) falls for this type of forgery, I created a test e-mail message.

To receive my test e-mail message, send an e-mail to:

testmyemailprogram@michaelhorowitz.com


It does not matter what, if anything, is in the subject or the body of your message.

The test e-mail message contains a link that appears to go to CNET, but really goes to my personal Web site. When you move the mouse over the test link, you should see my personal Web site in the status bar. If however, you see the silly message below, then your e-mail program is vulnerable to manipulation with JavaScript.


Hope you pass the test.

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
Topics:

Phishing

Tags:

phishing,

e-mail

Share:
Digg
Del.icio.us
Reddit
Recent posts from Defensive Computing
Fixing bugs in the Flash Player yet again
Getting more battery power for your computer
Get an MSI Wind Netbook for only $349
Not interested in a Netbook computer? Consider the Honda Fit
Beware emails linking to blogspot.com
When Word documents break
More about printer ink rip-offs
Some computers are too important to be networked
Related
Symantec confirms zero-day Acrobat, Reader attack
Opera 10.5 pre-alpha goes Chrome hunting
Browser makers hope WebGL will remake 3D
Adobe to patch zero-day Reader, Acrobat hole
Adobe Security Issue: Reader, Acrobat vulnerabilities exploited
New Google Web Toolkit reveals Web-app speed
How-To: Installing and using open-source Unix software in OS X with Fink
Forward Yahoo Mail to Gmail for free
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
Email Programs
by dog321 October 28, 2007 7:01 PM PDT
Oh! This is not good, So how do we fix this, or if I place my mouse over the url I will get the address that it's going to. your test was An eye opener. until I know how to fix this I will not send emails to anyone I dont know.
Reply to this comment
Try to turn off JavaScript
by mhinnewyork October 28, 2007 9:31 PM PDT
To "fix" this try to turn off JavaScript. I can't imagine a valid need for JavaScript in an email message.

Version 1 of Thunderbird had an option for the use of JavaScript. By default, JavaScript was disabled. This option seems to have disappeared from Thunderbird in version 2. It no longer does JavaScript at all.

There is always the option to view email in plain text format, but that's pretty drastic. It means looking at a lot of HTML code.

Michael Horowitz
Reply to this comment
by killerbee101 July 4, 2009 11:21 PM PDT
hello can you tell how to put alert on my yahoo email as i missing my mail
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

Five New Year's resolutions for Google

Stakes are high as Google attempts to maintain one of the Internet's greatest cash machines while pushing into new and risky markets.
• Android event set for Jan. 5

For eBay sellers, a holiday hamster hangover

The gift frenzy over Zhu Zhu Pets leaves some power sellers feeling like they've just run a marathon--but the steep price tags lead to some impressive profits.

About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.

Disclosure.

Add this feed to your online news reader

Defensive Computing topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET