Re: [Full-Disclosure] New phishing trick?
From: Steve Kudlak (stevex11_at_sbcglobal.net)
Date: Fri, 21 Jan 2005 08:12:43 -0800 To: Jeff Kell <firstname.lastname@example.org>
Jeff Kell wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Here's one I don't recall seeing before... very good looking eBay
> phishing notice (can supply full text if anyone wants, but I'll keep
> this to the interesting part) with the "money shot" URL consisting of
> the following link:
> | <p align="justify"><font face="Verdana" size="1">Click below to
> | continue :</font></p> <p align="left"><font face="Verdana" size="1"> <a
> The "displayed" anchor is https:// and directed at eBay (no surprise)
> but the real URL really does go to eBay to a cgi that does a redirect to
> the phishing site, with the target of the redirect appearing at the
> extreme end of the URL (might have been a little better if obfuscated by
> escaped unicoding or similar, but it's plaintext).
> eBay may have tweaked the redirecting cgi by now, but when I checked it
> last night it worked (as a general redirect, I didn't examine the
> phishing site target itself).
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (MingW32)
> -----END PGP SIGNATURE-----
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Yeah I got this one. Seeing as I have never had a dealing with ebay
there was no way any
account I had with them was nor about to try to correct anything. I did
as of late get some
strange phone calls from a number of companies claiming I was in arrears
on all sorts of things.
Only one valid, something had got mailed late. But I thought phising
only worked by email
when the person up to the nasty trick could do it and dissappear, but
that it didn't work by
phone, because I assume one has to have some bona fides with some bank
or clearing house
to do this..
Full-Disclosure - We believe in it.