-
Nov 24th, 2023, 12:55 PM
#1
Strange HTML code
Shown below as HTML code is part of an extortion email that gets sent to my Hotmail account every once in a while.
Code:
<p style=3D"font-size: 12px; font-fam=
ily: Arial, sans-serif;">G<span class=3D"mso-ljvopyz"></span>r<span class=
=3D"mso-ysjwunk"></span>e<span class=3D"mso-jsmansp"></span>e<span class=3D=
"mso-biwfucf"></span>t<span class=3D"mso-cflrgiw"></span>i<span class=3D"ms=
o-dgwzdgg"></span>n<span class=3D"mso-caqrivu"></span>g<span class=3D"mso-z=
okjixk"></span>s<span class=3D"mso-tmeezpn"></span>!<span class=3D"mso-lukp=
ghp"></span></p>=0A=
If you look closely you will find a single character in front of each <span> tag that together spell out "Greetings!". Why would someone go to all this effort? Is it simply an effort to hide the message content? If it was, it did not work, as the message was quarantined anyway.
J.A. Coutts
-
Nov 29th, 2023, 01:25 PM
#2
Re: Strange HTML code
My guess is to evade email filters. Basically, by obfuscating the HTML and using character encoding it can sometimes cause the filters not to work.
Last edited by dday9; Dec 1st, 2023 at 10:31 AM.
-
Nov 29th, 2023, 04:04 PM
#3
Re: Strange HTML code
Originally Posted by dday9
My guess is to evade email filters. Basically, by obfuscating the HTML and using character encoding it can somethings cause the filters not to work.
I kinda have to agree. There seems to be a surge in scam emails lately, the majority of which originate from Outlook 365 or Gmail. Messages from these sources are hard to trace, because neither publishes the originating IP address. The latest one was in German and made it through. It traced back to AmazonAWS via the Domain name "stromzentrum.com", which Outlook said was permitted to use.
J.A. Coutts
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|