Interesting People mailing list archives
Ebay Phishing Scam Using Ebay's Own Servers
From: David Farber <dave () farber net>
Date: Wed, 23 Feb 2005 07:02:54 -0500
------ Forwarded Message From: Howard Durdle <howard () durdle com> Date: Wed, 23 Feb 2005 09:12:01 +0000 To: <dave () farber net> Subject: Ebay Phishing Scam Using Ebay's Own Servers Dave, A warning (for IP if you wish). The eBay scammers are now using eBay's own servers to facilitate phishing attacks. This URL: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&Domai nUrl=%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%64%75%72%64%6C%65%2E%63%6F%6D%2F Is served from the real ebay.com and will look quite valid to any user. That escaped sequence of characters at the end is just my blog's domain name: http://blog.durdle.com obfuscated. The original email I received had an attackers IP address encoded in the URL. Anyone visiting that address will first hit eBay's server before being bounced to my blog (or an attacker's page). So, we can't even trust URLs that are served from the real domain anymore. eBay are aware but have no fix at the moment. Best regards, Howard Durdle -- Howard Durdle howard () durdle com http://durdle.com ------ End of Forwarded Message ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Ebay Phishing Scam Using Ebay's Own Servers David Farber (Feb 23)