[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <41F129FB.6010906@sbcglobal.net>
From: stevex11 at sbcglobal.net (Steve Kudlak)
Subject: New phishing trick?
Jeff Kell wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Here's one I don't recall seeing before... very good looking eBay
> phishing notice (can supply full text if anyone wants, but I'll keep
> this to the interesting part) with the "money shot" URL consisting of
> the following link:
>
> | <p align="justify"><font face="Verdana" size="1">Click below to
> | continue :</font></p> <p align="left"><font face="Verdana" size="1"> <a
> |
> title="https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo&page=0%..."
>
> |
> href="http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http://64.28.111.71/update">
>
> |
> https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo&page=0%...</a></font></tr>
>
>
> The "displayed" anchor is https:// and directed at eBay (no surprise)
> but the real URL really does go to eBay to a cgi that does a redirect to
> the phishing site, with the target of the redirect appearing at the
> extreme end of the URL (might have been a little better if obfuscated by
> escaped unicoding or similar, but it's plaintext).
>
> eBay may have tweaked the redirecting cgi by now, but when I checked it
> last night it worked (as a general redirect, I didn't examine the
> phishing site target itself).
>
> Jeff
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (MingW32)
>
> iD8DBQFB6/efot2VatFbXMERAhOUAJ4xuKIJh3IiNVKi2kvd036uNgScqQCeKPzj
> V/jt6jY+dd9P5WC1gPbaxLs=
> =gA3c
> -----END PGP SIGNATURE-----
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
Yeah I got this one. Seeing as I have never had a dealing with ebay
there was no way any
account I had with them was nor about to try to correct anything. I did
as of late get some
strange phone calls from a number of companies claiming I was in arrears
on all sorts of things.
Only one valid, something had got mailed late. But I thought phising
only worked by email
when the person up to the nasty trick could do it and dissappear, but
that it didn't work by
phone, because I assume one has to have some bona fides with some bank
or clearing house
to do this..
Have Fun,
Sends Steve
Powered by blists - more mailing lists