Re: ebay IDENTITY THEFT

From: Plompetta (wiriowq_at_neibwdwqd.net)
Date: 06/05/04


Date: Sat, 5 Jun 2004 22:34:21 +0100


"Bill Unruh" <unruh@string.physics.ubc.ca> wrote in message
news:c9t1jc$sin$1@string.physics.ubc.ca...
> "Plompetta" <wiriowq@neibwdwqd.net> writes:
>
>
> ]"johns" <johns123@moscow.com> wrote in message
> ]news:c9jccc$133$1@news.fsr.net...
> ]> accounts @ ebay . com
> ]>
> ]> ( I broke it up on purpose ) is actually
> ]>
> ]> http://mounirhacker.free.fr/ebay/
> ]>
> ]> Somebody call the cops !!!!!!!!!!!!!! I'm posting the
> ]> body of the scam below:
> ]>
> ]> ------------------------------------------------------
> ]> Dear eBay User,
> ]> During our regular update and verification of the accounts,
> ]> we couldn't verify your current information.
> ]> Either your information has changed or it is incomplete.
> ]> Please update and verify your information by signing in your account.
> ]>
> ]> If your account information is not updated within 5 days,
> ]> your access will be restricted.
> ]>
> ]>
> ]> please go to the link below and enter the information required:
> ]> http://www.ebay.com/accounts/member/avncenter/?dll874432
> ]>
> ]> ----------------------------------------------------------
> ]>
> ]> To see the "phish", just copy the URL and paste it into Notepad.
> ]>
> ]> johns
> ]>
> ]>
>
> ]I don't understand how a non-HTML e-mail can contain a URL (ebay.com)
like
> ]this.
>
> ]It is not a new domain name, nor encoded in hex or whatever, or an IP
> ]address. How can it seem to be www.ebay.com ?
>
> The orginal poster was very confused. He thought that he could copy out
the
> original email he got and it would preserve all the html junk -- it did
> not.
> In the original email ( whicheveryone gets many a day) the ebay address
had
> a different address as the actual tag
> <A
>
href="httq://mounirhacker.free.fr/ebay/">http://www.ebay.com/accounts/member
/avncenter/?dll874432</A>
> (Of course the above might well be misread by some people's news readers
si
> I changed http to httq)
>
> Thus if your email program supports html tags, it will show the second
> address but open thefirst.
>
>
> Now I understand. What makes no sense is why the phisher did not bother
to use an IP address or at least hex code the URL.

Still suspicious but less so than as above.