quote:
Originally posted by CookieRevised
The only way to see the true URL is by looking at your statusbar in your email client (or browser). What is displayed in the text can be whatever they wanted it to be...
Even that is not fool-proof. Statusbar text can easily be changed in various browsers with some scripting. The location bar at the top of your browser is safer for that matter. The downside is that you have to click the link first, but once you clicked you'll have the true location in your location bar. But even then you should watch out:
http://www.paypal.com.accountinfo.login.evilspoof...ite.cx/stealmoney/
That site begins with paypal.com and looks safe when your browser only shows the first part of the URL.... but when you scroll to the part at the end you'll see it's actually a subdomain on evilspoofingsite.cx.
/ 
