cat
→Security vulnerabilities: add links to web bug and e-mail privacy
Line 36:
HTML allows for a link to have a different target than the link's text. This can be used in [[phishing]] attacks, in which users are fooled into believing that a link points to the website of an authoritative source (such as a bank), visiting it, and unintentionally revealing personal details (like bank account numbers) to a scammer.
If an email contains [[web bug]]s inline content from an external server, such as an [[Digital image|image]], the server can alert a third party that the e-mail has been opened. This is a potential [[e-mail privacy|privacy]] risk, revealing that an email address is real (so that it can be targeted in the future) and revealing when the message was read. For this reason, some e-mail clients do not load external images until requested to by the user, but this is often not enough since there are many other ways of creating web bugs.
The multipart type is intended to show the same content in different ways, but this is sometimes abused; some [[e-mail spam]] takes advantage of the format to trick [[spam filter]]s into believing that the message is legitimate. They do this by including innocuous content in the text part of the message and putting the spam in the HTML part (which is what displays to the user).
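Review bot: In the second paragraph the new [[web bug]] link is spliced in directly ahead of the phrase it names, so the sentence reads "contains [[web bug]]s inline content from an external server" with nothing joining the two. Put the definition in parentheses, for example "contains [[web bug]]s (inline content from an external server, such as an [[Digital image|image]])", so the link and its explanation parse as one clause. The same paragraph closes with "there are many other ways of creating web bugs" without a source in the visible lines; a citation or one named mechanism would back up the claim that blocking external images is often not enough.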