Can you tell me where this link takes you? www.PayPal.com
. If you think you know the answer you're probably wrong. Even the gibberish on the end isn't what it appears to be. Its safe to click on it, but you would never know by looking.
Ok, we just had the fun part of this discussion. The profit part is done by those phishing for information. Google, Yahoo, and a number of other websites are making it far to easy for phishers and those distributing trojans to hide where a link, button, or graphic takes you. Viewing the source or floating your cursor of a link doesn't help. I wrote an article on how this works and why these search engines need to fix the problem. You can read it at: NIST.org
(that's a real link btw
:-) ) Be sure to come back to BleepingComputer to comment.
btw: A real phishing scheme would take you to a compromised computer where they've started a webserver (a home computer on a DSL connection would work just fine) and immediately redirect you (again) to a clean looking URL (using redirection from that webserver). The page would look just like PayPal or some other online financial company. Where you would then be prompted to login. Most of these sites just collect your login information and then feed you a page saying the 'server is currently down, please try again later', so you don't get wise to them. Or they can then redirect you to the real PayPal login screen so you can login normally. That way you don't get the least bit suspicious that the previous attempt was phoney. Either way they now have your login information and can clean you out rather quickly. That's why these major search engines need to clean up their act and fix their redirection routines. Currently its far to easy to fake who you are. What I've described above is already happening, a lot.