OT: Interesting phishing email...

Kristian Hermansen kristian.hermansen at gmail.com
Sun Feb 4 11:12:02 EST 2007


On 2/4/07, Grant M. <gmongardi at napc.com> wrote:
> No, Ebay justs lets you login, and happily redirects you to the fake
> login page, but gives no real indication that it has done so. The effect
> is that you believe that you haven't actually logged-in correctly and
> you try again, but the second time you are using the spoofed page, where
> your login details are recorded, and you are then returned to ebay, and
> it appears that you have now successfully logged in (you have, but it
> happened after the first login). It's a well thought-out spoof in my
> opinion.

That's pretty slick!  Well, everyone should know by now not to ever
click a link in an email, unless you have verified and trust the
sender (GPG helps).  This is just one more example.  Even if you tried
to verify the remote server, it would be legit (until the redirect).
But your caution has already worn off by then...and you got pwned ;-)

Rarely, when I see these emails (Gmail catches almost everything), I
usually whip out a script to pound their servers with random login
info to pollute their databases.  If not to slow them down a little
bit, at least maybe it annoys them and that makes me happy...heh
-- 
Kristian Hermansen

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the Discuss mailing list