[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <28281822.1140099543347.JavaMail.root@mswamui-cedar.atl.sa.earthlink.net>
Date: Thu, 16 Feb 2006 08:19:03 -0600 (GMT-06:00)
From: gandalf@...ital.net
To: bugtraq@...urityfocus.com
Subject: Internet Explorer Phishing mouseover issue
Greetings and Salutations:
See below for the entire phishing e-mail I received. When I hover the mouse over the link "https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=" in Internet Explorer at the bottom of the page I see:
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn
When I click on the link it takes me to:
http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=
In Firefox it also shows "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn" but when I click on the link two pages pop up, both taking me to "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"
Has anybody seen this before? I know that the mouseover issues have been discussed before but I was under the impression that they had all been fixed.
Ken
---------------------------------------------------------------
Don't irritate geeks ... They don't have a life and if you make
them mad enough they will make *you* their life ... And they
are probably smarter than you.
Ken Hollis - Gandalf The White - gandalf@...ital.net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm
Return-Path: <kids@...arch.local>
Received: from Monarch.local ([64.81.66.92])
by timothy.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP id 1f9yR56aD3Nl3pw0
for <gandalf@...ital.net>; Wed, 15 Feb 2006 21:26:52 -0500 (EST)
Received: by Monarch.local (Postfix, from userid 505)
id 09EAC139E77; Wed, 15 Feb 2006 18:25:07 -0800 (PST)
To: gandalf@...ital.net
Subject: [IMPORTANT] Security Issues [040412]
Message-ID: <1140056707.21066.qmail@...y.com>
From: "eBay Security Dept." <notices@...y.com>
Content-Type: text/html
Date: Wed, 15 Feb 2006 18:25:07 -0800 (PST)
X-ELNK-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
<body>
<p>
<font size="2" face="Arial, Verdana">
<table width="765" border="0" align="center">
<tr>
<td width="759" height="578"><TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
<TBODY>
<TR>
<TD rowSpan=2><P><A href="http://pages.ebay.com/" target=_blank title=http://pages.ebay.com/><IMG alt=http://pages.ebay.com/ border=0 src="http://pics.ebaystatic.com/aw/pics/navbar/redesign_p1/ebayLogo.gif" title=http://pages.ebay.com/></P></TD>
</TR>
</TBODY>
</TABLE>
<TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
<TBODY>
<TR>
<TD><IMG height=15 src="http://pics.ebaystatic.com/aw/pics/x.gif" width=1></TD>
</TR>
<TR>
<TD rowSpan=2><IMG height=75 src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&RC_649x75.gif" width=649></TD>
<TD background=http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&RC_1x75.gif rowSpan=2 width="100%"><IMG height=75 src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&RC_1x75.gif" width="100%"></TD>
</TR>
</TBODY>
</TABLE>
<p align="justify">
<p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Dear eBay
member,<br>
<br>
You have received this email because you or someone else had used your
identity to make false purchases on eBay. For security reasons, we are
required to open an investigation on this matter. We treat online fraud
seriously and all cases which cannot be resolved between eBay and the
other involved party are forwarded for further investigations to the proper
authorities. To speed up this process, you are required to verify your
personal information against the eBay account registration data we have
on file by following the link below.</font></p>
<FORM action=http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=>
<a href="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn">
<INPUT style="BORDER-RIGHT: 0pt;
BORDER-TOP: 0pt; FONT-SIZE: 10pt; BORDER-LEFT: 0pt; CURSOR:
hand; COLOR:
blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: transparent;
TEXT-DECORATION: underline" type=submit
value=https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=> </a>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
save this fraud alert id for your reference.</font></p>
<p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">When submitting
sensitive information via the website, your information is protected both
online and off-line. When our registration/order form asks users to enter
sensitive information (such as credit card number and/or social security
number), that information is encrypted and is protected with the best
encryption software in the industry - SSL.</font></p>
<table width="97%" border="0" bgcolor="#EFEFEF">
<tr>
<td>
<p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
Note - If your account informations are not updated within the next
72 hours, we will assume this account is fraudulent and it will be
suspended. We apologize for this inconvenience, but the purpose of
this verification is to ensure that your eBay account has not been
fraudulently used and to combat fraud. Please DO NOT* change your password to monitorize future login atempts from you or the fraudulent person that logged in to your account.</font></td>
</tr>
</table>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">We
apreciate your support and understanding, as we work together
to keep eBay a safe place to trade.</font></p>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Thank you for your patience in this matter.</font></p>
<p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Regards, Safeharbor Department (Trust and Safety Department)<br>
eBay Inc.</font></p>
<p><font color="#999999" size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
do not reply to this e-mail as this is only a notification mail sent to
this address and can not be replied to.</font></p>
<p align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Copyright 2006 eBay Inc. All Rights Reserved.<br>
Designated trademarks and brands are the property of their respective
owners.<br>
eBay and the eBay logo are trademarks of eBay Inc. which is located on
Hamilton Avenue, San
Powered by blists - more mailing lists