[Regia-NA] OT - E-bay fraud

Fri Jul 30 10:42:56 EDT 2004

A friend in my Other Hobby came up with this today .................

>>>>>>>>>>>>>>

I post this as a warning to everyone about a clever bit of skullduggery that
came our way today.

Received an email, purporting to be from ebay, regarding an alleged breach of
security and fraudulent use of my ebay account and user name. The email asked me
to sign in and confirm my details and to fill in all the blanks on the form I
would come to.

So far, a pretty ordinary scam email, but the clever bit is to come:

The url for signing in was the same as the normal ebay one, together with
https:// at the front to show a secure signing in link. If you clicked on the
link you would come to the standard ebay page with boxes for user name and
password, and presumably further on it would ask you to confirm your credit card
details etc etc:

https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn&UsingSSL=1

The url was in fact a graphic, not straight text, and if you held the mouse
pointer over it, a different url would show up, with an IP address in the far
east. So if you clicked normally you wouldn't see the different address, which
was:

http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.php

That IP is in the APNIC (Asia Pacific Network Information Centre) area, and I
tracked it down to a  School in South Korea.

It was a very clever bit of fraud, and one that me scratching my head for a
while as I waiting for ebay to confirm it was a fraudulent email, which they did
within 20 minutes. I didn't go to the url, I just reported it to ebay and then
starting looking at how they did the switch of url's.

>>>>>>>>>>>>>>>

You have all been warned! :-))

Regards,

Kim Siddorn,
Regia Anglorum

This e-mail is confidential, legally privileged and - unless otherwise stated in the message body - is intended for the
sole attention of the addressee. If you are not this person, please do not read, save, re-transmit or print the
information it contains. Views expressed herein may or may not be the established policy of Regia Anglorum. Unless
otherwise expressly agreed in writing, nothing stated in this communication shall be legally binding.

Daily updated anti-virus software was used in the generation of this e-mail and any attachments, but it is the
responsibility of the recipient to ensure that their incoming mail is virus free.