
| Subject: | eBay phishing - phishers are getting better |
|---|---|
| Date: | Thu, 21 Jul 2005 15:33:22 -0500 |

I just got another phishing scam (targeting eBay).
The twist is that the subject line included my eBay username,
and it was sent to my eBay e-mail address. The phishers have
figured out how to get one from the other; I don't know how.
I sent it on to eBay but just got a standard form letter
back.
Is this happening to anyone else? Anyone know how they
were able to figure out my e-mail from user name (or
vice versa)?
j
text, with relevant portions removed:
Return-Path: <apache@www.nec.com.hk>
Delivered-To: xxxx@xxxx.xxxx.org
Received: (qmail 15267 invoked by alias); 21 Jul 2005 17:05:07 -0000
Delivered-To: xxxx@xxxx.org
Received: (qmail 15264 invoked from network); 21 Jul 2005 17:05:07 -0000
Received: from unknown (HELO localhost.localdomain) (203.194.209.141)
by xxxx.xxxx.com with SMTP; 21 Jul 2005 17:05:07 -0000
Received: from www.nec.com.hk (www.nec.com.hk [127.0.0.1] (may be forged))
by localhost.localdomain (8.13.1/8.13.1) with ESMTP id j6LIL8VB001107
for <xxxx@xxxx.org>; Fri, 22 Jul 2005 02:21:08 +0800
Received: (from apache@localhost)
by www.nec.com.hk (8.13.1/8.13.1/Submit) id j6LIL7MX001106;
Fri, 22 Jul 2005 02:21:07 +0800
Date: Fri, 22 Jul 2005 02:21:07 +0800
Message-Id: <200507211821.j6LIL7MX001106@www.nec.com.hk>
From: "eBay" <aw-confirm@ebay.com>
Reply-to: 6884-lbpl-4t94@noreplay.ebay.com
Subject: Notification of Limited Account Access for xxxx
To: xxxx@xxxx.org
Content-type: text/html
<html>
<style type="text/css">
<!--
.style3 {color: #FFFFFF}
-->
</style>
<body>
<table border="0" width="100%">
<tr>
<td width="15%" align="left">To:</td>
<td>xxxx</td>
</tr>
<tr>
<td width="15%" align="left">From:</td>
<td>eBay<span class="style3">( codeID=2574-h04b-ug97)</span></td>
</tr>
<tr>
<td width="15%" align="left">Subject:</td>
<td>Notification of Limited Account Access for xxxx<span class="style3"> x
route </span></td>
</tr>
<tr>
<td
colspan="2">------------------------------------------------------------</td>
</tr>
<tr>
<td colspan="2"><table cellpadding="2" cellspacing="0" border="0"
style="border: #e0e0e0 1px solid;" width="100%">
<tr>
<td><p class="V1Gray"><img alt="The World's Online Marketplace"
src="http://battellemedia.com/images/ebayLogo-tm.jpg" border=0></p>
<p class="V1Gray">eBay sent this message to xxxx (xxxx@xxxx.org
).<br>
</p></td>
</tr>
</table>
<table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
<tbody>
<tr>
<td bgColor="#9999cc" width="1"><img height="1"
src="http://pics.ebaystatic.com/aw/pics/s.gif"></td>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
<tbody>
<tr bgColor="#9999cc" height="26">
<td> <span class="A3B" style="color:white;">Welcome to My Messages</span></td>
</tr>
<tr>
<td>
<table cellSpacing="0" cellPadding="5" width="100%" bgColor="white" border="0">
<tbody>
<tr>
<td colSpan="6" bgcolor="#FFFFFF"><img
src="http://pics.ebaystatic.com/aw/pics/myMessages/note_570x30.gif" alt=" "
border="0">
<p>
Dear <span class="V1Gray"> xxxx (xxxx@xxxx.org
),</span></p>
<p>
This e-mail is the notification of recent innovations
taken by eBay to detect inactive customers and
non-functioning billing process.<br>
The inactive customers are subject to restriction and
removal in the next 3 days. <br>
You must click the link to complete the process.</p>
<p><a
href="http://signin.ebay.com.aw-cgi2.com/eBayISAPI.dll?VerifyID&PlaceInfo&LogUID=xxxx;UserRoute=2574-h04b-ug97">http://signin.ebay.com/eBayISAPI.dll?Signln&UserIDmail=xxxx@xxxx.org
</a> <span class="style3"> =
type=state&param=xxxx-2574-h04b-ug97</span></p>
<p align="left">(To complete the verification process you must fill in all the
required fields)</p>
<p> Notice: Refusal to cooperate in an investigation or provide confirmation of
identity when requested are subject to restriction and removal in the next 3
days </p>
<p>Regards,<br>
Customer Support (Trust and Safety Department), <span class="style3">
</span></p></td>
</tr>
<tr>
<td height="10"></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td width="100%" bgColor="#9999cc"><img height="1"
src="http://pics.ebaystatic.com/aw/pics/s.gif" width="1"></td>
</tr>
</tbody>
</table>
</td>
<td bgColor="#9999cc" width="1"><img height="1"
src="http://pics.ebaystatic.com/aw/pics/s.gif" width="1"></td>
</tr>
</tbody>
</table>
<hr size="1"></td>
</tr>
</table>
</body>
</html>
--
Public key at http://www.jriver.com/~gateley
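
Added example, not part of the original post: Python checks for three indicators visible in the quoted message, run over a constructed sample reduced from it (the redacted `xxxx` values are kept as posted). The function, class and finding names are hypothetical, and both the `From` and `Return-Path` headers are assumed to be present.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: two headers and the one link, reduced from the quoted message.
SAMPLE = """\
Return-Path: <apache@www.nec.com.hk>
From: "eBay" <aw-confirm@ebay.com>
Content-type: text/html

<html><body><p><a href="http://signin.ebay.com.aw-cgi2.com/eBayISAPI.dll?VerifyID&PlaceInfo&LogUID=xxxx;UserRoute=2574-h04b-ug97">
http://signin.ebay.com/eBayISAPI.dll?Signln&UserIDmail=xxxx@xxxx.org</a></p></body></html>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def within(name, domain):  # True if name is domain or a subdomain of it
    return name == domain or name.endswith("." + domain)

def analyze(raw):
    msg = email.message_from_string(raw)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    envelope = parseaddr(msg["Return-Path"])[1].rpartition("@")[2].lower()
    findings, links = [], LinkCollector()
    if not within(envelope, claimed):  # weak on its own: bulk senders differ too
        findings.append(("envelope-from-mismatch", envelope, claimed))
    links.feed(msg.get_payload())
    for href, text in links.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = (urlsplit(text).hostname or "").lower() if "://" in text else ""
        if shown and shown != target:  # displayed URL is not where the click goes
            findings.append(("link-text-mismatch", shown, target))
        if f".{claimed}." in f".{target}." and not within(target, claimed):
            findings.append(("brand-in-subdomain", claimed, target))
    return findings
```

On the sample, `analyze(SAMPLE)` returns all three findings: the envelope sender is unrelated to the claimed `ebay.com`, and the link displays `signin.ebay.com` while its `href` resolves under `aw-cgi2.com`.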