[SEL] OT- Bit of ebay trickery

Peter A Forbes diesel at easynet.co.uk
Wed Jul 28 11:40:57 PDT 2004


Posted to stationary engine/model engineering newsgroups, Oldengine.org and Atis
(SEL)

I post this as a warning to everyone about a clever bit of skullduggery that
came our way today.

Received an email, purporting to be from ebay, regarding an alleged breach of
security and fraudulent use of my ebay account and user name. The email asked me
to sign in and confirm my details and to fill in all the blanks on the form I
would come to.

So far, a pretty ordinary scam email, but the clever bit is to come:

The url for signing in was the same as the normal ebay one, together with
https:// at the front to show a secure signing in link. If you clicked on the
link you would come to the standard ebay page with boxes for user name and
password, and presumably further on it would ask you to confirm your credit card
details etc etc:

https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn&UsingSSL=1

The url was in fact a graphic, not straight text, and if you held the mouse
pointer over it, a different url would show up, with an IP address in the far
east. So if you clicked normally you wouldn't see the different address, which
was:

http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.php

That IP is in the APNIC (Asia Pacific Network Information Centre) area, and I
tracked it down to a School in South Korea.

It was a very clever bit of fraud, and one that had me scratching my head for a
while as I was waiting for ebay to confirm it was a fraudulent email, which they did
within 20 minutes. I didn't go to the url, I just reported it to ebay and then
started looking at how they did the switch of urls.

You have all been warned! :-))

Peter

--
Peter & Rita Forbes
diesel at easynet.co.uk
Engine pages for preservation info:
http://www.oldengine.org/members/diesel
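
The hover check described in the message above, as an added example that is not part of the original post: it parses an HTML mail body and flags links whose href is a bare IP address, whose displayed URL names a different host, or whose path carries a hostname. `LinkAuditor`, `audit` and the other names are hypothetical, and the sample HTML is constructed from the two URLs in the message; the alt text is an assumption, and when the shown URL exists only as pixels in the graphic, just the first and third checks fire.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
HOST_IN_PATH = re.compile(r"/(?:[a-z0-9-]+\.)+[a-z]{2,}/", re.I)  # e.g. /brand.example.com/
# Constructed sample: image link; putting the shown URL in alt= is an assumption.
SAMPLE_HTML = ('<a href="http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.php">'
               '<img alt="https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn&amp;UsingSSL=1"></a>')

class LinkAuditor(HTMLParser):  # collects (href, visible text plus img alt/title) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._shown = [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._shown = a["href"], []
        elif tag == "img" and self._href:
            self._shown += [a.get("alt") or "", a.get("title") or ""]
    def handle_data(self, data):
        if self._href:
            self._shown.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, " ".join(self._shown)))
            self._href = None

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def reasons(href, shown):
    target = urlsplit(href)
    host = (target.hostname or "").lower()
    shown_hosts = {(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(shown)}
    checks = [(is_ip(host), "href host is a bare IP address"),
              (bool(shown_hosts - {host}), "displayed URL host differs from href host"),
              (bool(HOST_IN_PATH.search(target.path)), "hostname embedded in href path")]
    return [msg for hit, msg in checks if hit]

def audit(html):
    """Return [(href, [reasons])] for links whose target does not match what is shown."""
    parser = LinkAuditor()
    parser.feed(html)
    return [(href, why) for href, shown in parser.links if (why := reasons(href, shown))]
```
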


