Because of the way Windows works, programs such as Outlook and Internet Explorer can accept input as either plain text or hexadecimal ASCII codes. This means it's perfectly possible to access a Web site by taking the URL, converting each character to its decimal ASCII code, converting that decimal code into a hexadecimal value prefixed with a percent sign, and then supplying the result to Internet Explorer! This example might require a small leap of faith, but it does work. Let's do the conversion with www.cnet.com:
%77%77%77%2E%63%6E%65%74%2E%63%6F%6D

If you type this string into Internet Explorer's address bar, you're taken to the CNET Web site.
Returning to the URL in the phishing e-mail, the point of all this conversion and messing about is nothing other than to confuse the reader and obscure the URL's true purpose. Obfuscating URLs in this manner is a common trick used by malware and spyware programmers, too -- you'll often see this type of text in the output of HijackThis or Spybot if you're unlucky enough to be infected.
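A defender-side check for the obfuscation described above, as an added example that is not part of the original article: it decodes the host of a URL without visiting it and counts percent-escapes applied to characters that never need escaping. The function name `analyze`, the `threshold` cut-off and the example.com URLs are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# RFC 3986 "unreserved" characters: these never need percent-encoding,
# so escaping them serves no purpose other than hiding the text.
UNRESERVED = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def analyze(url, threshold=3):
    """Decode a URL's host and count percent-escapes that hide plain text.

    threshold is an arbitrary cut-off chosen for this example: a single
    stray escape such as %7E is common in legitimate links.
    """
    # Address-bar input may omit the scheme; add one so the host is parsed.
    candidate = url if "://" in url else "http://" + url
    netloc = urlsplit(candidate).netloc
    # Keep only the host: drop any userinfo prefix and any numeric port.
    raw_host = re.sub(r":\d+$", "", netloc.rsplit("@", 1)[-1])
    needless = sum(
        1 for m in ESCAPE.finditer(candidate)
        if chr(int(m.group(1), 16)) in UNRESERVED
    )
    host_encoded = "%" in raw_host
    return {
        "decoded_host": unquote(raw_host).lower(),
        "host_encoded": host_encoded,
        "needless_escapes": needless,
        "suspicious": host_encoded or needless >= threshold,
    }


if __name__ == "__main__":
    samples = [
        "%77%77%77%2E%63%6E%65%74%2E%63%6F%6D",    # string from the article
        "http://example.com/search?q=a%20b%26c",   # constructed: ordinary escapes
        "http://example.com/%7Euser/index.html",   # constructed: one stray escape
    ]
    for s in samples:
        print(s, "->", analyze(s))
```

Run over links extracted from mail or proxy logs, the decoded host can be compared against allow and block lists in its readable form.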
WARNING: The URL in the example phishing e-mail is valid and reachable. If you do decide to decode it, you're very strongly warned not to visit the Web site under any circumstances. It's a live, malicious Web site.