Bugtraq mailing list archives

Internet Explorer Phishing mouseover issue


From: gandalf () digital net
Date: Thu, 16 Feb 2006 08:19:03 -0600 (GMT-06:00)

Greetings and Salutations:

See below for the entire phishing e-mail I received.  When I hover the mouse over the link 
"https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=" in Internet Explorer at the bottom of the page 
I see:
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

When I click on the link it takes me to:
http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=

In Firefox it also shows "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn" but when I click on the link two pages pop 
up, both taking me to "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"

Has anybody seen this before?  I know that the mouseover issues have been discussed before but I was under the 
impression that they had all been fixed.

Ken

---------------------------------------------------------------
Don't irritate geeks ... They don't have a life and if you make
them mad enough they will make *you* their life ... And they
are probably smarter than you.
Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html
Woodworking For Geeks - http://digital.net/~gandalf/woodmain.htm

Return-Path: <kids@Monarch.local>
Received: from Monarch.local ([64.81.66.92])
        by timothy.mail.atl.earthlink.net (EarthLink SMTP Server) with ESMTP id 1f9yR56aD3Nl3pw0
        for <gandalf () digital net>; Wed, 15 Feb 2006 21:26:52 -0500 (EST)
Received: by Monarch.local (Postfix, from userid 505)
        id 09EAC139E77; Wed, 15 Feb 2006 18:25:07 -0800 (PST)
To: gandalf () digital net
Subject: [IMPORTANT] Security Issues [040412]
Message-ID: <1140056707.21066.qmail () ebay com>
From: "eBay Security Dept." <notices () ebay com>
Content-Type: text/html
Date: Wed, 15 Feb 2006 18:25:07 -0800 (PST)
X-ELNK-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;

<body>
<p>
<font size="2" face="Arial, Verdana">

      <table width="765" border="0" align="center">
        <tr>
          <td width="759" height="578"><TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
            <TBODY>
              <TR>
                <TD rowSpan=2><P><A href="http://pages.ebay.com/" target=_blank title=http://pages.ebay.com/><IMG 
alt=http://pages.ebay.com/ border=0 src="http://pics.ebaystatic.com/aw/pics/navbar/redesign_p1/ebayLogo.gif" 
title=http://pages.ebay.com/></P></TD>
              </TR>
            </TBODY>
          </TABLE>          
            <TABLE border=0 cellPadding=0 cellSpacing=0 width="100%">
              <TBODY>
                <TR>
                  <TD><IMG height=15 src="http://pics.ebaystatic.com/aw/pics/x.gif" width=1></TD>
                </TR>
                <TR>
                  <TD rowSpan=2><IMG height=75 
src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&amp;RC_649x75.gif" width=649></TD>
                  <TD background=http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&amp;RC_1x75.gif rowSpan=2 
width="100%"><IMG height=75 src="http://pics.ebaystatic.com/aw/pics/securityCenter/src/hdrS&amp;RC_1x75.gif" 
width="100%"></TD>
                </TR>
              </TBODY>
            </TABLE>
            <p align="justify">
      <p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Dear eBay
        member,<br>
        <br>
        You have received this email because you or someone else had used your
        identity to make false purchases on eBay. For security reasons, we are
        required to open an investigation on this matter. We treat online fraud
        seriously and all cases which cannot be resolved between eBay and the
        other involved party are forwarded for further investigations to the proper
        authorities. To speed up this process, you are required to verify your
        personal information against the eBay account registration data we have
        on file by following the link below.</font></p>
<FORM 
action=http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=>
<a href="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn">
<INPUT style="BORDER-RIGHT: 0pt;
BORDER-TOP: 0pt; FONT-SIZE: 10pt; BORDER-LEFT: 0pt; CURSOR:
hand; COLOR:
blue; BORDER-BOTTOM: 0pt; BACKGROUND-COLOR: transparent;
TEXT-DECORATION: underline" type=submit
value=https://secure.ebay.com/eBayISAPI.dll?action=verify&id=00626654&user=> </a>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
                save this fraud alert id for your reference.</font></p>

      <p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">When submitting
        sensitive information via the website, your information is protected both
        online and off-line. When our registration/order form asks users to enter
        sensitive information (such as credit card number and/or social security
        number), that information is encrypted and is protected with the best
        encryption software in the industry - SSL.</font></p>
            <table width="97%" border="0" bgcolor="#EFEFEF">
              <tr>

          <td>
                        <p align="justify"><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
            Note - If your account informations are not updated within the next
            72 hours, we will assume this account is fraudulent and it will be
            suspended. We apologize for this inconvenience, but the purpose of
            this verification is to ensure that your eBay account has not been
            fraudulently used and to combat fraud. Please DO NOT* change your password to monitorize future login 
atempts from you or the fraudulent person that logged in to your account.</font></td>
              </tr>
            </table>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">We
                apreciate your support and understanding, as we work together
                to keep eBay a safe place to trade.</font></p>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Thank you for your patience in this 
matter.</font></p>
            <p><font size="2" face="Verdana, Arial, Helvetica, sans-serif">Regards, Safeharbor Department (Trust and 
Safety Department)<br>
  eBay Inc.</font></p>

      <p><font color="#999999" size="2" face="Verdana, Arial, Helvetica, sans-serif">Please
        do not reply to this e-mail as this is only a notification mail sent to
        this address and can not be replied to.</font></p>
          <p align="center"><font size="1" face="Verdana, Arial, Helvetica, sans-serif">Copyright 2006 eBay Inc. All 
Rights Reserved.<br>
          Designated trademarks and brands are the property of their respective
              owners.<br>
        eBay and the eBay logo are trademarks of eBay Inc. which is located on
        Hamilton Avenue, San
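
Added example, not part of the original post: in the attached message the FORM action points at 216.81.70.14, while the A element wrapped around the submit INPUT carries an href on signin.ebay.com and the INPUT value shows a secure.ebay.com URL. The Python sketch below is one way a mail filter could flag that mismatch; the names `SubmitLinkAudit`, `audit` and `SAMPLE` are assumptions made for illustration, and the sample is a trimmed, re-quoted copy of the form above.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host(url):
    """Return the lower-cased hostname of url, or None when it has none."""
    try:
        return urlsplit((url or "").strip()).hostname
    except ValueError:
        return None

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

class SubmitLinkAudit(HTMLParser):
    """Flag submit controls whose form target differs from what the reader is shown."""
    def __init__(self):
        super().__init__()
        self.action = self.href = None   # innermost open <form action> / <a href>
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)                  # HTMLParser lower-cases tag and attribute names
        if tag == "form":
            self.action = a.get("action")
        elif tag == "a":
            self.href = a.get("href")
        elif tag == "input" and (a.get("type") or "").lower() in ("submit", "image"):
            dest = host(self.action)     # where a click really sends the browser
            shown = {"anchor href": host(self.href), "button label": host(a.get("value"))}
            for where, name in shown.items():
                if dest and name and name != dest:   # strict host comparison
                    self.findings.append((where, name, dest, is_ip(dest)))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None
        elif tag == "a":
            self.href = None

def audit(html):
    parser = SubmitLinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Trimmed from the FORM in the message above; attribute values re-quoted.
SAMPLE = ('<FORM action="http://216.81.70.14/phpBB2/.eBay/index.htm?SignIn">'
          '<a href="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn">'
          '<INPUT type="submit" value="https://secure.ebay.com/eBayISAPI.dll?action=verify">'
          '</a></FORM>')
```

Each finding is a tuple of (what was shown, shown host, real destination host, destination is an IP literal). The comparison is exact on hostnames, so a filter that must tolerate legitimate sibling hosts would need a registrable-domain comparison instead.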

