Re: phishing link using Google...

[Jeni Li <jeni.li () ASU EDU>]

<snip author="Gary">
> > |Out of curiosity, why would someone use Google as the
> > |start point of a phishing link?
</snip>

<snip author="Michael">
> One benefit of redirecting phishing targets through Google is so 
> enterprises can't block the phishing site for their constituency 
> using perhaps more traditional means - via DNS or advertising
> bogus routes for the destination web server's IP address.
</snip>

I thought the same thing at first, but I hit the URL in question with a sniffer running. All the Google hit does is 
302-redirect you to the URL provided in the query string (aside, seems like kind of a dumb "service" for Google to 
offer).

Because of the redirect, the client machine still makes a normal GET request to the phishy server, after hitting the 
Google URL... so the Google URL wouldn't serve effectively to work around any measures designed to block undesirable 
HTTP traffic.

Given that, I think Robert Kerr's rationale (working around anti-spam/privacy software that uses URI blacklists -- 
e.g., SpamAssassin at the server or Norton at the desktop) is the most probable. Thanks to Robert for posting; I was 
scratching my head over this for a while.

Jeni Li
Arizona State University