Re: [Full-Disclosure] New phishing trick?

From: Steve Kudlak (
Date: 01/21/05

  • Next message: Carlos Ulver: "[Full-Disclosure] Netscape Overflow."
    Date: Fri, 21 Jan 2005 08:12:43 -0800
    To: Jeff Kell <>

    Jeff Kell wrote:

    > Hash: SHA1
    > Here's one I don't recall seeing before... very good looking eBay
    > phishing notice (can supply full text if anyone wants, but I'll keep
    > this to the interesting part) with the "money shot" URL consisting of
    > the following link:
    > | <p align="justify"><font face="Verdana" size="1">Click below to
    > | continue :</font></p> <p align="left"><font face="Verdana" size="1"> <a
    > |
    > title=";page=0%..."
    > |
    > href="">
    > |
    > The "displayed" anchor is https:// and directed at eBay (no surprise)
    > but the real URL really does go to eBay to a cgi that does a redirect to
    > the phishing site, with the target of the redirect appearing at the
    > extreme end of the URL (might have been a little better if obfuscated by
    > escaped unicoding or similar, but it's plaintext).
    > eBay may have tweaked the redirecting cgi by now, but when I checked it
    > last night it worked (as a general redirect, I didn't examine the
    > phishing site target itself).
    > Jeff
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.0 (MingW32)
    > iD8DBQFB6/efot2VatFbXMERAhOUAJ4xuKIJh3IiNVKi2kvd036uNgScqQCeKPzj
    > V/jt6jY+dd9P5WC1gPbaxLs=
    > =gA3c
    > -----END PGP SIGNATURE-----
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter:
    Yeah I got this one. Seeing as I have never had a dealing with ebay
    there was no way any
    account I had with them was nor about to try to correct anything. I did
    as of late get some
    strange phone calls from a number of companies claiming I was in arrears
    on all sorts of things.
    Only one valid, something had got mailed late. But I thought phising
    only worked by email
    when the person up to the nasty trick could do it and dissappear, but
    that it didn't work by
    phone, because I assume one has to have some bona fides with some bank
    or clearing house
    to do this..

    Have Fun,
    Sends Steve

    Full-Disclosure - We believe in it.

  • Next message: Carlos Ulver: "[Full-Disclosure] Netscape Overflow."