Re: [Full-Disclosure] New phishing trick?

From: Steve Kudlak (stevex11_at_sbcglobal.net)
Date: 01/21/05

  • Next message: Carlos Ulver: "[Full-Disclosure] Netscape Overflow."
    Date: Fri, 21 Jan 2005 08:12:43 -0800
    To: Jeff Kell <jeff-kell@utc.edu>
    
    

    Jeff Kell wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > Here's one I don't recall seeing before... very good looking eBay
    > phishing notice (can supply full text if anyone wants, but I'll keep
    > this to the interesting part) with the "money shot" URL consisting of
    > the following link:
    >
    > | <p align="justify"><font face="Verdana" size="1">Click below to
    > | continue :</font></p> <p align="left"><font face="Verdana" size="1"> <a
    > |
    > title="https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo&amp;page=0%..."
    >
    > |
    > href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://64.28.111.71/update">
    >
    > |
    > https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo&amp;page=0%...></font></tr>
    >
    >
    > The "displayed" anchor is https:// and directed at eBay (no surprise)
    > but the real URL really does go to eBay to a cgi that does a redirect to
    > the phishing site, with the target of the redirect appearing at the
    > extreme end of the URL (might have been a little better if obfuscated by
    > escaped unicoding or similar, but it's plaintext).
    >
    > eBay may have tweaked the redirecting cgi by now, but when I checked it
    > last night it worked (as a general redirect, I didn't examine the
    > phishing site target itself).
    >
    > Jeff
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.0 (MingW32)
    >
    > iD8DBQFB6/efot2VatFbXMERAhOUAJ4xuKIJh3IiNVKi2kvd036uNgScqQCeKPzj
    > V/jt6jY+dd9P5WC1gPbaxLs=
    > =gA3c
    > -----END PGP SIGNATURE-----
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:
    http://lists.netsys.com/full-disclosure-charter.html
    >
    Yeah I got this one. Seeing as I have never had a dealing with ebay
    there was no way any
    account I had with them was nor about to try to correct anything. I did
    as of late get some
    strange phone calls from a number of companies claiming I was in arrears
    on all sorts of things.
    Only one valid, something had got mailed late. But I thought phising
    only worked by email
    when the person up to the nasty trick could do it and dissappear, but
    that it didn't work by
    phone, because I assume one has to have some bona fides with some bank
    or clearing house
    to do this..

    Have Fun,
    Sends Steve

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Carlos Ulver: "[Full-Disclosure] Netscape Overflow."

    Relevant Pages

    • [Full-Disclosure] New phishing trick?
      ... phishing notice (can supply full text if anyone wants, ... but the real URL really does go to eBay to a cgi that does a redirect to ... phishing site target itself). ...
      (Full-Disclosure)
    • Ebay phishing has got more sophisticated
      ... During the course of my work I found a customer running an Ebay phishing ... We get a LOT of phishing scams on our network but they are mainly caused by ... customers running phishing ...
      (uk.people.consumers.ebay)
    • Re: WARNING
      ... >>> I just received a new phishing message disguised as a notice from Ebay ... check your Ebay account directly. ... They keep threatening to disable ...
      (rec.music.classical.recordings)
    • Re: OT--Uh...oh..have I been suckered??
      ... I don't think that those types of attacks usually involve planting malware, they are after ID & password information. ... The email I got claimed to be from an Ebay user who was going to leave me negative feedback on some product. ... I still can't believe I even started to fall for this (I pride myself on not opening email attachments and recognizing all these phishing attempts). ... When you clicked on "reply", you entered what you THOUGHT was, and what LOOKED like, the E-Bay site to send a reply. ...
      (alt.sys.pc-clone.dell)
    • Re: PayPal: Steer clear of Safari
      ... As for not falling for Phishing, good spam filters are very helpful, ... you want to look at your bank, paypal or any other of the financial ... seeming to come from Paypal and its parent eBay, ... even the banks don't send out mail saying check this or ...
      (comp.sys.mac.apps)