Also called a hyperlink trick, an obfuscated URL is a type of attack where the real URL that a user is directed to is obfuscated – or concealed – to encourage the user to click-through to the spoof Web site. For example, the attacker may use a cleverly misspelled domain name (e.g. PayPals.com instead of PayPal.com), or hide the actual URL in friendly text, such as “click here to verify your account now“. Obfuscated URLs are commonly used in phishingattacks and other spam e-mails.
See also image spam.
Also see the All About Phishing page in the Did You Know? section of Webopedia.
