| |
Home
Phishing
Archive
Report
Phishing
Events
Resources
Membership
APWG
Worksite
Contact
Us
APWG Sponsors:
|
  |
eBay - 'eBay account verification needed'
11-Jun-2004
| Summary |
| Email
title: |
'eBay account verification needed' |
| Scam
target: |
eBay users |
| Email
format: |
plain text email |
| Sender: |
Safe Harbor <service@ebay.com> |
| Sender
spoofed? |
Yes |
| Scam
call to action: |
'We have reasons to think there are some problems with eBay account...these problems may cause your temporaly account suspension...Please login to account...check if all your personal informations are right.'
|
| Scam
goal: |
Getting victim's eBay username/password |
| Call
to action format: |
URL link |
| Visible link |
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn |
| Resolved URL: |
http://69.90.150.97/index.php?u=verification |
|
| |
| E-mail |
The email you get comes from a seemingly legitimate sender (it is spoofed). It explains you that there is something wrong with your account, and provides a link that seems OK. There is even some legal stuff, to make the scam more convincing. However, there is no eBay logo on the message, and the link, of course, is spofed too.
|
_email.jpg)
|
| Web
Site |
| Call to action format: |
URL link |
| Visible link |
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn |
| Resolved URL: |
http://69.90.150.97/index.php?u=verification |
|
Once the phish site opens, it looks exactly like the authentic eBay login screen.
|
_site.jpg)
The
only (but very significant) difference is the URL displayed in the address bar.
And the interesting thing in this phish - it uses a script to pass the information you enter to the real eBay login page and gets its response. This way the phisher can actually look up if the information you have entered points to a real eBay account.
|
WHOIS (hosting server) Data: |
IP : 69.90.150.97
No DNS record
|
|