Newest round of Ebay phishing

Discussion in 'Computer Security' started by Bit Twister, May 30, 2005.

  1. Bit Twister

    Bit Twister Guest

    On Mon, 30 May 2005 11:04:30 -0400, Alceryes wrote:
    > I just got hit with a couple of emails *supposedly* from ebay.
    > The site it takes you to looks VERY genuine. Be careful ebay users...


    Hope you forwarded to ebay. They might get the site taken down.
     
    Bit Twister, May 30, 2005
    #1
    1. Advertising

  2. Bit Twister

    Alceryes Guest

    I just got hit with a couple of emails *supposedly* from ebay.
    The site it takes you to looks VERY genuine. Be careful ebay users...
    Below is a copy of the email...



    Dear valued eBay member:

    We recently have determined that different computers have signed into your
    eBay account, and multiple password failures were present before this
    attempts. We now need you to confirm your account information to us. If this
    is not completed by June 10, 2005 we will be forced to suspend your account
    indefinitely, as it may have been used for fraudulent purposes. We thank you
    for your cooperation in this manner.

    To confirm your eBay account information click on the link below:
    https://services.ebay.com/saw-cgi/eBayISAPI.dll?Confirm

    We appreciate your support and understanding, as we work together to keep
    eBay a safe place to trade.
    Thank you for your patience in this matter.

    Trust and Safety Department
    eBay Inc.

    Please do not reply to this e-mail as this is only a notification. Mail sent
    to this address cannot be answered.

    Copyright 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and
    brands are the property of their respective owners. Use of this Web site
    constitutes acceptance of the eBay User Agreement and Privacy Policy.
    Designated trademarks and brands are the property of their respective
    owners. eBay and the eBay logo are trademarks of eBay Inc. eBay is located
    at 2145 Hamilton Avenue, San Jose, CA 95125.

    To:
     
    Alceryes, May 30, 2005
    #2
    1. Advertising

  3. Bit Twister

    Alceryes Guest

    Sorry, the link didn't follow. Here's the page it actually takes you to.

    http://www2.milwaukee.k12.wi.us/whittier/.log/eBay/index.htm



    "Alceryes" <> wrote in message
    news:...
    >I just got hit with a couple of emails *supposedly* from ebay.
    > The site it takes you to looks VERY genuine. Be careful ebay users...
    > Below is a copy of the email...
    >
    >
    >
    > Dear valued eBay member:
    >
    > We recently have determined that different computers have signed into your
    > eBay account, and multiple password failures were present before this
    > attempts. We now need you to confirm your account information to us. If
    > this is not completed by June 10, 2005 we will be forced to suspend your
    > account indefinitely, as it may have been used for fraudulent purposes. We
    > thank you for your cooperation in this manner.
    >
    > To confirm your eBay account information click on the link below:
    > https://services.ebay.com/saw-cgi/eBayISAPI.dll?Confirm
    >
    > We appreciate your support and understanding, as we work together to keep
    > eBay a safe place to trade.
    > Thank you for your patience in this matter.
    >
    > Trust and Safety Department
    > eBay Inc.
    >
    > Please do not reply to this e-mail as this is only a notification. Mail
    > sent to this address cannot be answered.
    >
    > Copyright 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks
    > and brands are the property of their respective owners. Use of this Web
    > site constitutes acceptance of the eBay User Agreement and Privacy Policy.
    > Designated trademarks and brands are the property of their respective
    > owners. eBay and the eBay logo are trademarks of eBay Inc. eBay is located
    > at 2145 Hamilton Avenue, San Jose, CA 95125.
    >
    > To:
    >
     
    Alceryes, May 30, 2005
    #3
  4. From: "Alceryes" <>

    | I just got hit with a couple of emails *supposedly* from ebay.
    | The site it takes you to looks VERY genuine. Be careful ebay users...
    | Below is a copy of the email...
    |
    | Dear valued eBay member:
    |
    | We recently have determined that different computers have signed into your
    | eBay account, and multiple password failures were present before this
    | attempts. We now need you to confirm your account information to us. If this
    | is not completed by June 10, 2005 we will be forced to suspend your account
    | indefinitely, as it may have been used for fraudulent purposes. We thank you
    | for your cooperation in this manner.
    |
    | To confirm your eBay account information click on the link below:
    | https://services.ebay.com/saw-cgi/eBayISAPI.dll?Confirm
    |
    | We appreciate your support and understanding, as we work together to keep
    | eBay a safe place to trade.
    | Thank you for your patience in this matter.
    |
    | Trust and Safety Department
    | eBay Inc.
    |
    | Please do not reply to this e-mail as this is only a notification. Mail sent
    | to this address cannot be answered.
    |
    | Copyright 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and
    | brands are the property of their respective owners. Use of this Web site
    | constitutes acceptance of the eBay User Agreement and Privacy Policy.
    | Designated trademarks and brands are the property of their respective
    | owners. eBay and the eBay logo are trademarks of eBay Inc. eBay is located
    | at 2145 Hamilton Avenue, San Jose, CA 95125.
    |
    | To:
    |

    Please submit this and any other phishing attempt email to the Anti-Phishing Organization.

    http://www.antiphishing.org/report_phishing.html

    Just capture Full Headers and Body and send an email to;

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, May 30, 2005
    #4
  5. Bit Twister

    Unruh Guest

    "Alceryes" <> writes:

    >I just got hit with a couple of emails *supposedly* from ebay.
    >The site it takes you to looks VERY genuine. Be careful ebay users...
    >Below is a copy of the email...




    >Dear valued eBay member:


    >We recently have determined that different computers have signed into your
    >eBay account, and multiple password failures were present before this
    >attempts. We now need you to confirm your account information to us. If this
    >is not completed by June 10, 2005 we will be forced to suspend your account
    >indefinitely, as it may have been used for fraudulent purposes. We thank you
    >for your cooperation in this manner.


    >To confirm your eBay account information click on the link below:
    >https://services.ebay.com/saw-cgi/eBayISAPI.dll?Confirm


    Of course the key is to make sure that you NEVER click on something in an
    email. You copy the address into your browser. Doing this gives

    An error occurred while loading
    https://services.ebay.com/saw-cgi/eBayISAPI.dll?Confirm:
    Could not connect to host services.ebay.com



    >We appreciate your support and understanding, as we work together to keep
    >eBay a safe place to trade.
    >Thank you for your patience in this matter.


    >Trust and Safety Department
    >eBay Inc.


    >Please do not reply to this e-mail as this is only a notification. Mail sent
    >to this address cannot be answered.


    >Copyright 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and
    >brands are the property of their respective owners. Use of this Web site
    >constitutes acceptance of the eBay User Agreement and Privacy Policy.
    >Designated trademarks and brands are the property of their respective
    >owners. eBay and the eBay logo are trademarks of eBay Inc. eBay is located
    >at 2145 Hamilton Avenue, San Jose, CA 95125.


    >To:
     
    Unruh, May 31, 2005
    #5
  6. Bit Twister

    Bit Twister Guest

    On 30 May 2005 23:15:45 GMT, Unruh wrote:
    >
    > Of course the key is to make sure that you NEVER click on something in an
    > email. You copy the address into your browser. Doing this gives


    Yes, but some have
    onMouseOver="do the infection here code"
    not to mention lots of other methods beside click to infect. :(
     
    Bit Twister, May 31, 2005
    #6
  7. Bit Twister

    Hootowl Guest

    On Mon, 30 May 2005 18:22:10 -0500, Bit Twister
    <> wrote:

    >On 30 May 2005 23:15:45 GMT, Unruh wrote:
    >>
    >> Of course the key is to make sure that you NEVER click on something in an
    >> email. You copy the address into your browser. Doing this gives

    >
    >Yes, but some have
    > onMouseOver="do the infection here code"
    >not to mention lots of other methods beside click to infect. :(


    Use Forte Agent or another text-based (non-scriptable) news reader,
    and the mouseover exploit (at least) shouldn't work. Unless there's
    some setting I'm unaware of (which is highly possible).

    Dan
    >
     
    Hootowl, May 31, 2005
    #7
  8. Bit Twister

    Vanguard Guest

    "Alceryes" <> wrote in message
    news:p...
    > Sorry, the link didn't follow. Here's the page it actually takes you
    > to.
    >
    > http://www2.milwaukee.k12.wi.us/whittier/.log/eBay/index.htm



    Always show the raw source of an e-mail if it is HTML formatted.
    Copying and pasting the *rendered* version of an HTML e-mail (i.e., what
    you see) won't show any of the tricks possible within the HTML code
    (i.e., the HTML rendered version isn't of much use to trace to where the
    links go).

    So did you report the phish mail to the feds (), the
    antiphishing group ran by Microsoft, eBay, Visa, GeoTrust, and others
    (), and to the wi.us domain (use
    http://www.whois.us/ to get registrant's info) and their upstream
    provider (do a traceroute on the URL; my tracert shows tds.net upstream
    of wi.us)?
     
    Vanguard, May 31, 2005
    #8
  9. Bit Twister

    Vanguard Guest

    "Bit Twister" <> wrote in message
    news:...
    > On 30 May 2005 23:15:45 GMT, Unruh wrote:
    >>
    >> Of course the key is to make sure that you NEVER click on something
    >> in an
    >> email. You copy the address into your browser. Doing this gives

    >
    > Yes, but some have
    > onMouseOver="do the infection here code"
    > not to mention lots of other methods beside click to infect. :(
    >
    >



    Not if you are using the PROPER security zone when viewing HTML
    formatted e-mails (if your e-mail client supports security zones; else,
    it needs to provide its own security settings). For Outlook or Outlook
    Express, you should configure them to view e-mails in the Restricted
    Sites security zone, and that security zone should be configured at the
    High setting level. That will disable ALL scripts in an e-mail,
    including Javascript (so the onmouse* events can't do anything).
     
    Vanguard, May 31, 2005
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alan

    Computer Goes Round and Round Checking

    Alan, Oct 1, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    963
    Monroe Dowling
    Oct 8, 2004
  2. Ebay phishing,

    , Jun 28, 2006, in forum: Computer Security
    Replies:
    10
    Views:
    1,134
    Borked Pseudo Mailed
    Jun 30, 2006
  3. Bigbazza
    Replies:
    0
    Views:
    2,770
    Bigbazza
    Oct 16, 2007
  4. Bigbazza

    ebay ebay ebay

    Bigbazza, Oct 16, 2007, in forum: Computer Support
    Replies:
    0
    Views:
    858
    Bigbazza
    Oct 16, 2007
  5. DaGenester
    Replies:
    2
    Views:
    3,202
    Ed Rusi
    May 20, 2010
Loading...

Share This Page