Insert link facilitates phishing attacks

Ashish Gupta
Tue Nov 19 15:20:48 EST 2013

Even though a person can abuse hyperlinks in all applications that support
them, maybe it's not that bad an idea to be safe.

Say A sends to B a link:

Disguised as

The security check could then follow the WYSIWYG approach and always open
the link visible instead of whatever is contained in the URL.

If a user is dumb enough to click it, he or she might as well get infected
with malware if it's a bad link. But other than that, if it's a bad link
concealed as a good one, just stick to the good one.

And yeah. Tooltips help.

- Ashish

On 11/19/2013 4:18 AM Gasper Zejn said
devel at

> Pidgin's feature insert link can be used to launch a phishing attack, see
> attached image.
> By inserting a link into description link, you can fool a more
> knowledgeable
> person thinking he is clicking a link to page A, when in fact the link will
> take him to page B.
> kind regards,
> Gašper Žejn
> Just like every other application in the history of hyperlinks? You can
do the same in nearly every email client, word, every website, every other
chat client I've ever used...

I can understand the concern but it's not really something that can be
done, especially since even if this is removed, the person could then use a
link shortener to hide the malicious content still...
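
Added example, not part of the original thread and not Pidgin's code: one way to implement the check discussed above, flagging a link whose visible text is itself a URL that names a different host than its href. The function names, the verdict labels and the sample message (reserved .example domains) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that is itself a URL or a bare hostname (hypothetical heuristic).
URLISH = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[:/?#]\S*)?$", re.I)

def host_of(value):
    """Lower-cased host of a URL or bare 'host/path' string."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower().rstrip(".")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(message_html):
    """Return (href, text, verdict) per link. 'mismatch' means the visible
    text names one host and the href another: the disguised-link case.
    Comparison is strict, so www.site.example differs from site.example."""
    collector = LinkCollector()
    collector.feed(message_html)
    collector.close()
    results = []
    for href, text in collector.links:
        if not URLISH.match(text):
            verdict = "plain-text"   # nothing to compare; a tooltip can show href
        elif host_of(text) == host_of(href):
            verdict = "match"
        else:
            verdict = "mismatch"
        results.append((href, text, verdict))
    return results

# Constructed sample message, not taken from the thread.
SAMPLE = ('<a href="http://evil.example/login">https://bank.example/login</a> '
          '<a href="https://bank.example/help">bank.example/help</a> '
          '<a href="http://evil.example/">click here</a>')
```

A client could warn on "mismatch" or open the visible URL, and show the real target in a tooltip for "plain-text" links. As the thread points out, a shortened link would still pass this check.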


