5.1.7 Hiding the Host Information
Links in emails using the @ format discussed sometimes take the trick a step further by inserting a null or other unprintable character before the @ symbol, which prevents the host information from being displayed in the address bar of the browser. Web browsers generally display the URL information for the current Web page in the address bar. However, if the @ format is used in the link in the email, some versions of Microsoft Internet Explorer will not display the host information. [12] For example, if a fraudster uses the format @, the is displayed in the browser address bar in Microsoft Internet Explorer and the information is concealed. Using the same example given above:
http://cgi1.ebay.com.awcgiebayISAPI.dll%00@210.93.131.250/index.htm
The character represented by “%00” causes only the userinfo “http://cgi1.ebay.com.awcgiebayISAPI.dll” to be displayed in the browser address bar, but the Web page is actually accessed by the host information, “210.93.131.250/my/index.htm.”
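A mail gateway or link scanner can flag this pattern before a user ever clicks. The following check is an added example, not part of the original report: it parses a link, separates the userinfo from the host that is actually contacted, and reports an unprintable character before the @ symbol. The function name `inspect_link`, the finding labels and the second and third sample links are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Userinfo that itself looks like a host name (e.g. "cgi1.ebay.com...") is a
# strong sign that it was written to be mistaken for the destination.
HOSTLIKE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def inspect_link(url):
    """Return (real_host, userinfo, findings) for one link taken from an email."""
    parts = urlsplit(url)
    # Everything before the last "@" in the authority is userinfo; the host
    # that the browser connects to is whatever follows it.
    userinfo, at, _ = parts.netloc.rpartition("@")
    findings = []
    if not at:
        return parts.hostname, None, findings

    findings.append("userinfo-present")
    # Decode %XX escapes so that %00, %01, %0A ... are seen as the bytes
    # the browser would receive.
    decoded = unquote_to_bytes(userinfo)
    if any(b < 0x20 or b == 0x7F for b in decoded):
        findings.append("unprintable-char-before-@")
    if HOSTLIKE.match(userinfo):
        findings.append("userinfo-looks-like-hostname")
    return parts.hostname, userinfo, findings


if __name__ == "__main__":
    samples = [
        # The link shown in this section.
        "http://cgi1.ebay.com.awcgiebayISAPI.dll%00@210.93.131.250/index.htm",
        # Constructed samples for comparison.
        "http://user@192.0.2.10/",
        "https://www.example.com/index.htm",
    ]
    for link in samples:
        host, userinfo, findings = inspect_link(link)
        print(f"{link}\n  connects to: {host}\n  userinfo:    {userinfo}"
              f"\n  findings:    {findings or 'none'}")
```

For the link in this section, the check reports 210.93.131.250 as the host that is contacted and raises all three findings.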