Tuesday, April 26, 2005

Gone Phishing

Gone PhishingMy email inbox seems to be under attack as of late. I would really like to find the perpetrators of this filth in their underground lairs (read parents' basement) and hire Dave to explode their heads. Most scams I have seen many times already and recognize, like the . Other emails I find myself having to look closely at:
Date: Sat, 23 Apr 2005 03:11:29 +0800

To: theMike
Subject: Security Measures (SafeHarbor) (KMM82003618V76837L0KM)
From: "aw-confirm@eBay.com"

Looking at the heading could be very misleading. That is the email address that eBay uses when sending confirmations of bid or password changes.
eBay Security Center: Urgent eBay Account Update Request.

Dear eBay member,


We recently noticed one or more attempts to log in to your eBay account from a foreign IP address and we have reasons to believe that your account was hacked by a third party without your authorization.


If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you.


The login attempt was made from:


IP address: 154.106.12.15


IS Host: cache-154.proxyes.aol.com.


If you choose to ignore our request, you leave us no choice but to temporally suspend your account.


We ask that you allow at least 72 hours for the case to be investigated and we strongly recommend not to make any changes to your account in that time.


However, if you are the rightful holder of the account, click on the link below, fill the form and then submit as we try to verify your identity:

http://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US


eBay will request personal data (password, credit card/bank numbers, and so on) in this email.


Thank you for using eBay!
http://www.ebay.com/


Personally, I like how the email states that "eBay will request personal data....". I guess that's a new policy, because I've always been told that they, or any other company like them, will not. Let's take another look at that verification url too.

http://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US

Everything seems legit on the surface, but just by hovering the mouse over the link, I can see where the url really wants to take me:

http://203.198.168.66/data/openwebmail/alfa//eBayISAPI.php?.....etc.

It's at least reassuring to see that no matter how grammatically correct the message gets, this one only has one misspelling from what I can see, the url is still a dead giveaway. If you ever have a question about whether you are on the right website...look in the at the url in the address bar. It can not lie:

Address Bar


Filed in:
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)