eBay User Alert: Don't Click
Phishing Alert: in the past three days UGN Crime Trackers have analyzed more than six phishing attacks utilizing a different scheme than usual.
. .
The attack comes in the form of an email that tells you an eBay buyer wants to contact you about a purchase you just made. The recipient knows they didn't purchase anything and is compelled to follow up and stop the charge on their charge card. The criminal phisher then directs the victim to a web site page spoofing the eBay online form.
Clever coding in the html shrouded email makes the user think the email is legitimate through the use of "title" tags. Here, we've captured the specific code: (See Picture). When the user "hovers" the pointer over the link, a browser pop-up tag appears with the correct eBay link.
In the past, crime Trackers have warned the user to "Check the links, to make sure they're authentic" -- now, phishing attacks employing the "title" tags makes checking for authenticity impossible unless the user actually looks at the embedded html code.
All users are urged to view such email with the HTML function turned off. If using a browser for web-based email, then users are urged to select and view the "source" of the email.
Using Command/F (Control/F) users search for the text: "href." This will jump to the links in the source code of the html and reveal where the link actually goes. The snapshots above were taken from the actual Proof Case below.
Do not click, and do not follow the links in ANY eBay email until you are absolutely positive it's authentic.
* See: Stop Spoof Emails & Web sites
* Take the Spoof Email Tutorial
* See: Reporting Spoof (Fake) Emails
All computer users are urged to report such fraudulent email to the proper authorities. In the case of eBay phishing:
spoof@ebay.com, reportphishing@antiphishing.org, spam@uce.gov
UGN Crime Trackers Case #924112718
What the user will see: Learn more
Criminal redirect link: http://silversand.com.au/ loaded61a /images/ ws/ signin.ebay/eBayISAPI.dll/ SignIn&pUserId/index.html
Registrar: ID: R00013-AR
Country: Australia
Owner: Silversand Natural Horsemanship Centre (Australia)
Host: Au Delegation.com, Bellevue, WA, USA
Nameserver: audelegation.com
SpamCop Report Proof reference
* Where email originates: GNAX.NET, Atlanta GA, USA
... Global Net Access, LLC 216.180.243.18
* Phishing spoof page host: nyi.net
... The New York Internet Company, New York, NY
Stay up to date with the UGN Safe Net Crime Trackers at
UGNN Safe Netting
Comments
I know someone who was caught by this phish and it took them months to get out of trouble. They're still not able to build back their line of credit.
It's terrible... these phishers should be shot, hung, or have all their arms and legs cut off.
Posted by: R. Baily | December 24, 2006 1:50 PM
This is really critical information we simply can't get anywhere else -- thank you for keeping watch for us. I've passed this along to our newsletter editor, and I'm sure all our MUG members will want to know more!
Tufoeala
Chicago Mac Group
Posted by: Tufoeala | August 28, 2007 7:02 PM