Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: eBay Account Phishing with eBay Redirect
From: Thomas T. Evans, III (ttevanshawkcorp.net)
Date: Tue Feb 15 2005 - 15:47:02 CST
You may want to be careful about following links like this. I have read that
part of the problem is, even if you load bogus information or no information
at all, these sites will drop keyloggers, Trojans, etc. on your machine.
Just their way of saying 'Thanks for dropping by'.... :(
Thomas T. Evans, III CCNA
Senior Network Manager
216-267-7787 Ext. 500
President, MFG/Pro Midwest User Group
"The difference between genius and stupidity is genius has limits" -- Albert
From: Jonathan Rockway [mailto:jrockw2uic.edu]
Sent: Monday, February 14, 2005 7:25 PM
To: bugtraqsecurityfocus.com; Josh Tolley
Subject: Re: eBay Account Phishing with eBay Redirect
I just tried this out and it worked for me. I got a page asking for a
login name and made up a login name and password. After ``logging
in'', I got a page asking for my address, phone, CCN, bank information,
etc. (They ask for everything! ATM PIN, SSN, DOB, etc... who would
actually provide this to the real eBay!?)
After I submitted my fake data, it redirected me to the real eBay login.
On 14 Feb 2005, at 1:08 PM, Josh Tolley wrote:
> I just tried this with my own URL, and eBay didn't forward me to some
> other site. Perhaps they've plugged this already?
> Josh Tolley
> Raintree Systems, Inc.
> 760 509 9000
> Steven wrote:
>> I am not sure if this is better served by incidents or bugtraq, but
>> in any event here it is. I frequently get the fake looking e-mails
>> phishing for my Paypal, eBay, and banking login/password information.
>> Generally the links to the spoofed webpages are just links to a fake
>> page with a modified A HREF tag. However, it appears someone has
>> found that eBay's actual page has a command to redirect to a
>> specified webpage. While this shouldn't be a big risk, it still
>> poses a small one and is being actively exploitated.
>> The page actually appears to link to eBay and it does, the link below
>> is the one I received in my inbox recently.
>> HCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh Simply:
>> MfcISAPICommand=RedirectToDomain&DomainUrl=www.website.com Steven
Jonathan Rockway <jrockw2uic.edu>