[Regia-NA] OT - E-bay fraud
jim
smithur at rcn.com
Fri Jul 30 20:14:58 EDT 2004
When I looked I got:
This was a fraud site setup to steal your credit
card and personal information.
So please, if you see something on E-bay that
looks suspicious to you, contact E-bay to let them
know.
Smiðr
> -----Original Message-----
> From: list-regia-na-bounces at lig.net
> [mailto:list-regia-na-bounces at lig.net]On Behalf Of
J K Siddorn
> Sent: Friday, July 30, 2004 7:43 AM
> To: Regia UK E-group
> Cc: Regia US E-group
> Subject: [Regia-NA] OT - E-bay fraud
>
>
> A friend in my Other Hobby came up with this today
.................
>
> >>>>>>>>>>>>>>
>
> I post this as a warning to everyone about a
clever bit of
> skullduggery that
> came our way today.
>
> Received an email, purporting to be from ebay,
regarding an
> alleged breach of
> security and fraudulent use of my ebay account and
user name.
> The email asked me
> to sign in and confirm my details and to fill in
all the
> blanks on the form I
> would come to.
>
> So far, a pretty ordinary scam email, but the
clever bit is to come:
>
> The url for signing in was the same as the normal
ebay one,
> together with
> https:// at the front to show a secure signing in
link. If
> you clicked on the
> link you would come to the standard ebay page with
boxes for
> user name and
> password, and presumably further on it would ask
you to
> confirm your credit card
> details etc etc:
>
>
https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn
&UsingSSL=1
>
> The url was in fact a graphic, not straight text,
and if you
> held the mouse
> pointer over it, a different url would show up,
with an IP
> address in the far
> east. So if you clicked normally you wouldn't see
the
> different address, which
> was:
>
>
http://211.252.9.126/.secure/safeharbor.verify.ebay.
com/login.php
>
> That IP is in the APNIC (Asia Pacific Network
Information
> Centre) area, and I
> tracked it down to a School in South Korea.
>
> It was a very clever bit of fraud, and one that me
scratching
> my head for a
> while as I waiting for ebay to confirm it was a
fraudulent
> email, which they did
> within 20 minutes. I didn't go to the url, I just
reported it
> to ebay and then
> starting looking at how they did the switch of
url's.
>
> >>>>>>>>>>>>>>>
>
> You have all been warned! :-))
>
> Regards,
>
> Kim Siddorn,
> Regia Anglorum
>
> This e-mail is confidential, legally privileged
and - unless
> otherwise stated in the message body - is intended
for the
> sole attention of the addressee. If you are not
this person,
> please do not read, save, re-transmit or print the
> information it contains. Views expressed herein
may or may
> not be the established policy of Regia Anglorum.
Unless
> otherwise expressly agreed in writing, nothing
stated in this
> communication shall be legally binding.
>
> Daily updated anti-virus software was used in the
generation
> of this e-mail and any attachments, but it is the
> responsibility of the recipient to ensure that
their incoming
> mail is virus free.
>
>
>
>
> _______________________________________________
> list-Regia-NA site list
> list-Regia-NA at lig.net
> http://lig.net/mailman/listinfo/list-regia-na
More information about the list-Regia-NA
mailing list