eBay phishing - phishers are getting better
From: John Gateley (gateley_at_jriver.com)
Date: 07/21/05
- Previous message: Christopher Kunz: "Advisory 11/2005: Multiple vulnerabilities in Contrexx"
- Next in thread: Ivaylo Zashev: "Re: eBay phishing - phishers are getting better"
- Reply: Ivaylo Zashev: "Re: eBay phishing - phishers are getting better"
- Maybe reply: info_at_securityfocus.com,: "Re: eBay phishing - phishers are getting better"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Jul 2005 15:33:22 -0500 To: bugtraq@securityfocus.com
I just got another phishing scam (targeting eBay).
The twist is that the subject line included my eBay username,
and it was sent to my eBay e-mail address. The Phishers have
figured out how to get one from the other, I don't know how.
I sent it on to eBay but just got a standard form letter
back.
Is this happening to anyone else? Anyone know how they
were able to figure out my e-mail from user name (or
vice versa)?
j
text, with relevant portions removed:
Return-Path: <apache@www.nec.com.hk>
Delivered-To: xxxx@xxxx.xxxx.org
Received: (qmail 15267 invoked by alias); 21 Jul 2005 17:05:07 -0000
Delivered-To: xxxx@xxxx.org
Received: (qmail 15264 invoked from network); 21 Jul 2005 17:05:07 -0000
Received: from unknown (HELO localhost.localdomain) (203.194.209.141)
by xxxx.xxxx.com with SMTP; 21 Jul 2005 17:05:07 -0000
Received: from www.nec.com.hk (www.nec.com.hk [127.0.0.1] (may be forged))
by localhost.localdomain (8.13.1/8.13.1) with ESMTP id j6LIL8VB001107
for <xxxx@xxxx.org>; Fri, 22 Jul 2005 02:21:08 +0800
Received: (from apache@localhost)
by www.nec.com.hk (8.13.1/8.13.1/Submit) id j6LIL7MX001106;
Fri, 22 Jul 2005 02:21:07 +0800
Date: Fri, 22 Jul 2005 02:21:07 +0800
Message-Id: <200507211821.j6LIL7MX001106@www.nec.com.hk>
From: "eBay" <aw-confirm@ebay.com>
Reply-to: 6884-lbpl-4t94@noreplay.ebay.com
Subject: Notification of Limited Account Access for xxxx
To: xxxx@xxxx.org
Content-type: text/html
<html>
<style type="text/css">
<!--
.style3 {color: #FFFFFF}
-->
</style>
<body>
<table border="0" width="100%">
<tr>
<td width="15%" align="left">To:</td>
<td>xxxx</td>
</tr>
<tr>
<td width="15%" align="left">From:</td>
<td>eBay<span class="style3">( codeID=2574-h04b-ug97)</span></td>
</tr>
<tr>
<td width="15%" align="left">Subject:</td>
<td>Notification of Limited Account Access for xxxx<span class="style3"> x route </span></td>
</tr>
<tr>
<td colspan="2">------------------------------------------------------------</td>
</tr>
<tr>
<td colspan="2"><table cellpadding="2" cellspacing="0" border="0" style="border: #e0e0e0 1px solid;" width="100%">
<tr>
<td><p class="V1Gray"><img alt="The World's Online Marketplace" src="http://battellemedia.com/images/ebayLogo-tm.jpg" border=0></p>
<p class="V1Gray">eBay sent this message to xxxx (xxxx@xxxx.org
).<br>
</p></td>
</tr>
</table>
<table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
<tbody>
<tr>
<td bgColor="#9999cc" width="1"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif"></td>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
<tbody>
<tr bgColor="#9999cc" height="26">
<td> <span class="A3B" style="color:white;">Welcome to My Messages</span></td>
</tr>
<tr>
<td>
<table cellSpacing="0" cellPadding="5" width="100%" bgColor="white" border="0">
<tbody>
<tr>
<td colSpan="6" bgcolor="#FFFFFF"><img src="http://pics.ebaystatic.com/aw/pics/myMessages/note_570x30.gif" alt=" " border="0">
<p>
Dear <span class="V1Gray"> xxxx (xxxx@xxxx.org
),</span></p>
<p>
This e-mail is the notification of recent innovations taken by eBay to detect inactive customers and
non-functioning billing process.<br>
The inactive customers are subject to restriction and removal in the next 3 days. <br>
You must click the link to complete the process.</p>
<p><a href="http://signin.ebay.com.aw-cgi2.com/eBayISAPI.dll?VerifyID&PlaceInfo&LogUID=xxxx;UserRoute=2574-h04b-ug97">http://signin.ebay.com/eBayISAPI.dll?Signln&UserIDmail=xxxx@xxxx.org
</a> <span class="style3"> =
type=state&param=xxxx-2574-h04b-ug97</span></p>
<p align="left">(To complete the verification process you must fill in all the required fields)</p>
<p> Notice: Refusal to cooperate in an investigation or provide confirmation of identity when requested are subject to restriction and removal in the next 3 days </p>
<p>Regards,<br>
Customer Support (Trust and Safety Department), <span class="style3"> </span></p></td>
</tr>
<tr>
<td height="10"></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td width="100%" bgColor="#9999cc"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif" width="1"></td>
</tr>
</tbody>
</table>
</td>
<td bgColor="#9999cc" width="1"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif" width="1"></td>
</tr>
</tbody>
</table>
<hr size="1"></td>
</tr>
</table>
</body>
</html>
-- Public key at http://www.jriver.com/~gateley
- application/pgp-signature attachment: stored
- Previous message: Christopher Kunz: "Advisory 11/2005: Multiple vulnerabilities in Contrexx"
- Next in thread: Ivaylo Zashev: "Re: eBay phishing - phishers are getting better"
- Reply: Ivaylo Zashev: "Re: eBay phishing - phishers are getting better"
- Maybe reply: info_at_securityfocus.com,: "Re: eBay phishing - phishers are getting better"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
