Our rogue software researcher Patrick (last name withheld to protect the innocent) goes to some strange places on the Internet pretty much on a daily basis. Recently he drew our attention to some interesting URL obfuscation: vvindows.com and google-rnail.com. Look carefully at them. In the first, two “v”s look like a “w” and in the second, “r” and “n” combine to look like an “m.”
To someone browsing the Web, clicking on URLs in those nice emails that somebody keeps sending about bargain drugs and knockoff watches, the URLs in links are just blue squiggles that you put your cursor on before clicking the mouse. You REALLY shouldn’t do that. You SHOULD take a look at the URL. In these two cases, you should look CAREFULLY. The first one, if just glanced at, would appear to be windows.com instead of vvindows.com.
It leads (through a redirect) to a legitimate site. So, that was an honest business using some tricky marketing.
The second, however, wasn’t so innocent. Clearly “google-rnail.com” is meant to look like “google-mail.com.”
That one, according to Patrick, was a look-alike page that would steal a visitor’s Gmail username and password. He watched it in action with a sniffer on his test machine.
That was before it was shut down.
The URL “google-mail.com” doesn’t exist.
It’s just one more technique on the web to take you places where you really don’t want to go.
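The careful look at a URL described above can also be automated in a mail or proxy filter. The sketch below is an added example, not code from Patrick or this post; the function names and the `PROTECTED` list (the two names imitated in this post) are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Multi-character sequences that read as one letter: "vv" as "w", "rn" as "m".
CONFUSABLE_PAIRS = (("vv", "w"), ("rn", "m"))

# Names being imitated in the post; replace with the domains you care about.
PROTECTED = ("windows.com", "google-mail.com")


def host_of(url):
    """Return the lowercase host of a URL or bare domain, without a trailing dot."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare domain as a network location
    return (urlsplit(url).hostname or "").rstrip(".")


def skeleton(host):
    """Collapse look-alike sequences so visually similar names compare equal."""
    for sequence, single in CONFUSABLE_PAIRS:
        host = host.replace(sequence, single)
    return host


def matches(host, name):
    """True if host is the name itself or a subdomain of it."""
    return host == name or host.endswith("." + name)


def imitated_name(url, protected=PROTECTED):
    """Return the protected name a URL's host imitates, or None."""
    host = host_of(url)
    # The genuine domain (or a subdomain of it) is not a look-alike.
    if any(matches(host, name) for name in protected):
        return None
    collapsed = skeleton(host)
    for name in protected:
        if matches(collapsed, skeleton(name)):
            return name
    return None


if __name__ == "__main__":
    # Constructed sample links, using only the domains named in the post.
    for link in ("vvindows.com", "http://www.google-rnail.com/login",
                 "https://windows.com/", "modern.com"):
        print(link, "->", imitated_name(link))
```

Because the comparison is made on the parsed host, a link such as `http://windows.com@vvindows.com/` is still reported as imitating `windows.com`. A name like `modern.com` is not flagged, since its collapsed form matches nothing in the protected list.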