Next time you get an email from the IRS claiming you have a refund due, don’t jump for joy yet. It might be a phishing email and this one’s not as easy to spot as you might think. Carefully exploiting something called an open redirect, the link in the email at first looks like it the real deal according to an article on CNet. So how does this work?

For that, Netcraft gave an excellent example

http://usa.visa.com/track/dyredir.jsp?rDirl=http://200.251.251.10/.verified/

The URL redirected users to a phishing site hosted at http://200.251.251.10/.verified/ , and used a common browser vulnerability to spoof the real URL in the address bar.

You know what’s the first thing I did? Check my own URLs especially the URLs to dynamically generated pages. So maybe the chances of someone trying to pose as me may be rare but hey why make it easy?