The Ebay Phishing Email
This is the email that arrived. Not for MY address but a friend who forwarded it:
Now this all looks OK with the right logo and the copyright stuff. And if you
click any link other than the one in the middle it takes you to the real eBay
Even the URL in the middle looks OK. Its a genuine eBay one. But on this page
its only the description of the link not the link iself.
If you hover on this URL, the URL your really going to is something like:
& ruproduct= User + Agreement + Update & amp; ruparams=page%3D@http://126.96.36.199/ ~lizard/ebay/aw-cgi/login.php
This still looks pretty good to you because it starts an finishes with the
right kind of URL. But the way a browser processes an URL it checks thru
for the "@" sign (which your noticing because I made it red) and the next thing
after that is the site it really goes to.
So its really going to http://188.8.131.52/~lizard/ebay/aw-cgi/login.php.
And this page in turn was set up by somebody who took out a anonymous subscription
for a web site from ThePlanet.com Internet Services, Inc but it could of
been any big ISP.
When you get there you see a screen like this:
Which looks like the real eBay log in screen. If you fill in your name and
password they got you. They take the name and password then they pass you to a screen
to verify your PayPal data so they get that too. I dont have an image
for that page because I would need to give away my eBay login info to get to it.
Finally they pass you to the
real eBay log in. You think something went wrong so you log in again and after
that its all normal except that they have your important passwords. They can
change your address details, make a big Buy It Now purchase and they get away with
I would of liked to find the scammer who did this but its hopeless he probably
didnt even live in America never mind England. And the site was dead two days later.
But what I did I reported him to the ISP and to various scambuster sites so over
time it might mean its harder for him also spam filters are beginning to be
able to recognise these concealed URLs.
©Alfredo García 2004-2006 All Rights Reserved