
[IP] Ebay Phishing Scam Using Ebay's Own Servers



------ Forwarded Message
From: Howard Durdle <howard@xxxxxxxxxx>
Date: Wed, 23 Feb 2005 09:12:01 +0000
To: <dave@xxxxxxxxxx>
Subject: Ebay Phishing Scam Using Ebay's Own Servers


Dave,

A warning (for IP if you wish).

The eBay scammers are now using eBay's own servers to facilitate phishing
attacks.

This URL:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%64%75%72%64%6C%65%2E%63%6F%6D%2F

Is served from the real ebay.com and will look quite valid to any user.

That escaped sequence of characters at the end is just my blog's domain
name: http://blog.durdle.com obfuscated.  The original email I received had
an attacker's IP address encoded in the URL.  Anyone visiting that address
will first hit eBay's server before being bounced to my blog (or an
attacker's page).

So, we can't even trust URLs that are served from the real domain anymore.
eBay are aware but have no fix at the moment.

Best regards,

Howard Durdle

-- 
Howard Durdle
howard@xxxxxxxxxx
http://durdle.com


------ End of Forwarded Message
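
An added example, not part of the forwarded message: a mail-filter style check that decodes the redirect parameter of a link and reports whether it leaves the serving site. Only the DomainUrl parameter name and the first sample URL come from the message; the other parameter names, the two-label domain comparison, and the second sample (a constructed link using a documentation IP address) are assumptions.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# "domainurl" is the parameter in the message; the rest are assumed common names.
REDIRECT_PARAMS = {"domainurl", "url", "redirect", "next", "return", "dest"}

# URL from the message, with the line wrap removed.
REPORTED = ("http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain"
            "&DomainUrl=%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%64%75%72%64%6C%65"
            "%2E%63%6F%6D%2F")
# Constructed sample: double-encoded target pointing at a TEST-NET address.
CONSTRUCTED = ("http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain"
               "&DomainUrl=http%253A%252F%252F192.0.2.10%252F")


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, bounded so hostile input cannot loop forever."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def site_key(host):
    """Last two labels of a host name (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def redirect_targets(url):
    """Return (param, decoded_target, offsite) for each redirect-style parameter."""
    parts = urlsplit(url)
    serving = site_key(parts.hostname or "")
    findings = []
    # parse_qsl removes one layer of percent-encoding; fully_decode removes the rest.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in REDIRECT_PARAMS:
            continue
        target = fully_decode(value)
        # Scheme-less values ("host/path") are parsed as network locations.
        host = urlsplit(target if "//" in target else "//" + target).hostname or ""
        findings.append((name, target, bool(host) and site_key(host) != serving))
    return findings


if __name__ == "__main__":
    for sample in (REPORTED, CONSTRUCTED):
        print(redirect_targets(sample))
```

The same comparison, applied on the server side before issuing the redirect, is the allow-list check whose absence the message describes.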

