------ Forwarded Message From: Howard Durdle <[EMAIL PROTECTED]> Date: Wed, 23 Feb 2005 09:12:01 +0000 To: <[EMAIL PROTECTED]> Subject: Ebay Phishing Scam Using Ebay's Own Servers
Dave, A warning (for IP if you wish). The eBay scammers are now using eBay's own servers to facilitate phishing attacks. This URL: http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&Domai nUrl=%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%64%75%72%64%6C%65%2E%63%6F%6D%2F Is served from the real ebay.com and will look quite valid to any user. That escaped sequence of characters at the end is just my blog's domain name: http://blog.durdle.com obfuscated. The original email I received had an attackers IP address encoded in the URL. Anyone visiting that address will first hit eBay's server before being bounced to my blog (or an attacker's page). So, we can't even trust URLs that are served from the real domain anymore. eBay are aware but have no fix at the moment. Best regards, Howard Durdle -- Howard Durdle [EMAIL PROTECTED] http://durdle.com ------ End of Forwarded Message ------------------------------------- You are subscribed as [email protected] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
