| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: stevex11 at sbcglobal.net (Steve Kudlak) Subject: New phishing trick? Jeff Kell wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Here's one I don't recall seeing before... very good looking eBay > phishing notice (can supply full text if anyone wants, but I'll keep > this to the interesting part) with the "money shot" URL consisting of > the following link: > > | <p align="justify"><font face="Verdana" size="1">Click below to > | continue :</font></p> <p align="left"><font face="Verdana" size="1"> <a > | > title="https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo&page=0%..." > > | > href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://64.28.111.71/update"> > > | > https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo&page=0%...</a></font></tr> > > > The "displayed" anchor is https:// and directed at eBay (no surprise) > but the real URL really does go to eBay to a cgi that does a redirect to > the phishing site, with the target of the redirect appearing at the > extreme end of the URL (might have been a little better if obfuscated by > escaped unicoding or similar, but it's plaintext). > > eBay may have tweaked the redirecting cgi by now, but when I checked it > last night it worked (as a general redirect, I didn't examine the > phishing site target itself). > > Jeff > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.0 (MingW32) > > iD8DBQFB6/efot2VatFbXMERAhOUAJ4xuKIJh3IiNVKi2kvd036uNgScqQCeKPzj > V/jt6jY+dd9P5WC1gPbaxLs= > =gA3c > -----END PGP SIGNATURE----- > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > Yeah I got this one. Seeing as I have never had a dealing with ebay there was no way any account I had with them was nor about to try to correct anything. I did as of late get some strange phone calls from a number of companies claiming I was in arrears on all sorts of things. Only one valid, something had got mailed late. But I thought phising only worked by email when the person up to the nasty trick could do it and dissappear, but that it didn't work by phone, because I assume one has to have some bona fides with some bank or clearing house to do this.. Have Fun, Sends Steve
Powered by blists - more mailing lists