OT: Interesting phishing email...
Grant M.
gmongardi at napc.com
Sun Feb 4 09:38:34 EST 2007
Just thought this was an interesting phishing attempt that I hadn't
seen before. The email I had received appeared to be a response to some
item that I had listed on eBay, although I have never listed anything on
eBay. I clicked the link to the listing, and got to the actual login
page for eBay (not some phishing site, but eBay's actual sign-in page).
I verified the URL, and Firefox showed it as green, and so I clicked the
Sign-In button, and it returned an invalid login page. Hmmm.
I clicked the back button, and verified that it truly was eBay, and
it definitely was. I then realized that the URL that I had used had
embedded a redirect to another site. Here is the URL in the email:
https://signin.ebay.com/ws/eBayISAPI.dll?SignInMCAlert&ru=http://ns.reg.com.co/signin.ebay.com/ws/signin.ebay.comwseBayISAPI.dllSignIn.html
and here is where it redirects to once you've logged in:
http://ns.reg.com.co/signin.ebay.com/ws/signin.ebay.comwseBayISAPI.dllSignIn.html
and eBay's sign-in page actually redirected me to it. Obviously, the
page was no longer eBay's, but I could see someone (myself included)
falling into this trap. In fact, if Firefox hadn't auto-filled the
fields for this site, I might have assumed I had actually typed them in
wrong.
I was somewhat surprised that eBay would do this sort of thing, and
went to eBay to report this. After doing a search for phishing and then
also clicking through about 10 links to finally find where to report
this, it described how to tell whether an email points to a phishing
site or not, and describes verifying the URL - exactly where this would
have fallen down. Here's the page:
http://pages.ebay.com/help/confidence/isgw-account-theft-spoof.html
Just thought it might start an interesting tech discussion,
Grant M.
--
Grant Mongardi
Systems Engineer
NAPC
gmongardi at napc.com
http://www.napc.com/
781.894.3114 phone
781.894.3997 fax
NAPC | technology matters
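
The redirect described in the message above comes from the `ru` query parameter being honoured for any destination. The following is an added example, not part of the original message and not eBay's code: a fail-closed server-side check for a return URL, plus a mail-filter helper that flags links carrying an off-site URL in a parameter. `TRUSTED_SUFFIXES` and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: sites the sign-in page may legitimately send users back to.
TRUSTED_SUFFIXES = ("ebay.com",)

# The link quoted in the message above.
REPORTED_LINK = ("https://signin.ebay.com/ws/eBayISAPI.dll?SignInMCAlert&ru="
                 "http://ns.reg.com.co/signin.ebay.com/ws/"
                 "signin.ebay.comwseBayISAPI.dllSignIn.html")


def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    """Exact match or true subdomain; a trusted name used as a prefix must not pass."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def is_safe_return_url(target, suffixes=TRUSTED_SUFFIXES):
    """Server-side check for a post-login redirect target. Fails closed."""
    # Browsers ignore tab/CR/LF, trim whitespace and treat "\" as "/".
    t = target.translate({9: None, 10: None, 13: None}).strip().replace("\\", "/")
    try:
        parts = urlsplit(t)
        host = parts.hostname
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # A relative path stays on the sign-in host; "///host" does not.
        return t.startswith("/") and not t.startswith("//")
    if parts.scheme not in ("", "http", "https"):
        return False  # javascript:, data:, and other non-web schemes
    return host_is_trusted(host, suffixes)


def offsite_redirects(link, suffixes=TRUSTED_SUFFIXES):
    """Mail-filter view: query parameters of a link that carry an off-site URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        v = value.strip().replace("\\", "/")
        if ("://" in v or v.startswith("//")) and not is_safe_return_url(v, suffixes):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for name, value in offsite_redirects(REPORTED_LINK):
        print(f"off-site redirect in parameter {name!r}: {value}")
```

Checking only the host of the outer link, as the help page advises, passes this URL; the check has to be applied to the redirect target as well.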