| |
Home
Phishing
Archive
Report
Phishing
Events
Resources
Membership
APWG
Worksite
Contact
Us
APWG Sponsors:
|
  |
eBay - 'Ebay(R) Re-Activation Unit'
17-Jun-2004
| Summary |
| Email
title: |
Ebay(R) Re-Activation Unit |
| Scam
target: |
eBay users |
| Email
format: |
HTML email |
| Sender: |
Fraud@ebay.com |
| Sender
spoofed? |
Yes |
| Scam
call to action: |
'Recently alot of Ebay accounts were hi-jacked and there is a security update, please gather as much information about your account as you can before you proceed to the next page.'
|
| Scam
goal: |
Getting victim's eBay username/password; credit card and address/phone information; bank account information |
| Call
to action format: |
a 'Click here' type link |
| Visible link: |
a 'Login and proceed' button |
| Called link: |
http://ebay.ssl.secureverify.mirror6.9p.org.uk/aw-cgi/eBayISAPI.dll/ |
| Phish site: |
http://teamx.fragism.com |
|
| |
| E-mail |
This email is graphically rich, carries an eBay logo, a trust-e logo and even an eBay search bar! It is also unusually frank and direct - it does not try to explain you a lot, trying to persuade you to click on the link.
|
_Re-Activation_Unit)_email.jpg) |
|
| Web
Site |
| Visible link: |
a 'Login and proceed' button |
| Called link: |
http://ebay.ssl.secureverify.mirror6.9p.org.uk/aw-cgi/eBayISAPI.dll/ |
| Phish site: |
http://teamx.fragism.com |
|
The site uses a two-page sytem - to make you believe you first 'log in' and then submit your data. This is the first page:
|
_Re-Activation_Unit)_site1.jpg) |
As soon as you press 'sign in' (the phish does not check whether you have entered a valid account), the second page comes up:
|
_Re-Activation_Unit)_site2.jpg) |
The whole scheme is well organized and designed and would fool you, if you dont pay attention to your address bar. And it is definitely not eBay:
|
_Re-Activation_Unit)_adrbar.jpg) |
WHOIS Data: |
The phish site is hosted on an account on fragism.com, a gaming website
|
|