Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: eBay phishing - phishers are getting better
From: Ivaylo Zashev <zashev () gmail com>
Date: Sat, 23 Jul 2005 20:54:55 +0300

Hello ,

You're not the only one getting this...
Spammers are using some tools to extract only the ebay mails from
certain email lists they manage to get ..then using those emails they
are able to get the ebay username that belongs to the ebay mail , i
believe eBay fixed this  ..so most likely they got your username some
time ago.



regards,
Ivaylo Zashev
http://exploits.cx Security Center



On 7/21/05, John Gateley <gateley () jriver com> wrote:
I just got another phishing scam (targeting eBay).

The twist is that the subject line included my eBay username,
and it was sent to my eBay e-mail address. The Phishers have
figured out how to get one from the other, I don't know how.

I sent it on to eBay but just got a standard form letter
back.

Is this happening to anyone else? Anyone know how they
were able to figure out my e-mail from user name (or
vice versa)?

j

text, with relevant portions removed:

Return-Path: <apache () www nec com hk>
Delivered-To: xxxx () xxxx xxxx org
Received: (qmail 15267 invoked by alias); 21 Jul 2005 17:05:07 -0000
Delivered-To: xxxx () xxxx org
Received: (qmail 15264 invoked from network); 21 Jul 2005 17:05:07 -0000
Received: from unknown (HELO localhost.localdomain) (203.194.209.141)
  by xxxx.xxxx.com with SMTP; 21 Jul 2005 17:05:07 -0000
Received: from www.nec.com.hk (www.nec.com.hk [127.0.0.1] (may be forged))
        by localhost.localdomain (8.13.1/8.13.1) with ESMTP id j6LIL8VB001107
        for <xxxx () xxxx org>; Fri, 22 Jul 2005 02:21:08 +0800
Received: (from apache () localhost)
        by www.nec.com.hk (8.13.1/8.13.1/Submit) id j6LIL7MX001106;
        Fri, 22 Jul 2005 02:21:07 +0800
Date: Fri, 22 Jul 2005 02:21:07 +0800
Message-Id: <200507211821.j6LIL7MX001106 () www nec com hk>
From: "eBay" <aw-confirm () ebay com>
Reply-to: 6884-lbpl-4t94 () noreplay ebay com
Subject: Notification of Limited Account Access for xxxx
To: xxxx () xxxx org
Content-type: text/html

<html>
<style type="text/css">
<!--
.style3 {color: #FFFFFF}
-->
</style>

<body>
<table border="0" width="100%">
<tr>
<td width="15%" align="left">To:</td>
<td>xxxx</td>
</tr>
<tr>
<td width="15%" align="left">From:</td>
<td>eBay<span class="style3">(   codeID=2574-h04b-ug97)</span></td>
</tr>
<tr>
<td width="15%" align="left">Subject:</td>
<td>Notification of Limited Account Access for xxxx<span class="style3"> x route </span></td>
</tr>
<tr>
<td colspan="2">------------------------------------------------------------</td>
</tr>
<tr>
<td colspan="2"><table cellpadding="2" cellspacing="0" border="0" style="border: #e0e0e0 1px solid;" width="100%">
<tr>
<td><p class="V1Gray"><img alt="The World's Online Marketplace" src="http://battellemedia.com/images/ebayLogo-tm.jpg"; 
border=0></p>
  <p class="V1Gray">eBay sent this message to xxxx (xxxx () xxxx org
).<br>
                        </p></td>
</tr>
</table>
<table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
<tbody>
<tr>
<td bgColor="#9999cc" width="1"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif";></td>
<td>
<table cellSpacing="0" cellPadding="0" width="100%" align="center" border="0">
<tbody>
<tr bgColor="#9999cc" height="26">
<td> <span class="A3B" style="color:white;">Welcome to My Messages</span></td>
</tr>
<tr>
<td>
<table cellSpacing="0" cellPadding="5" width="100%" bgColor="white" border="0">
<tbody>
<tr>
<td colSpan="6" bgcolor="#FFFFFF"><img src="http://pics.ebaystatic.com/aw/pics/myMessages/note_570x30.gif"; alt=" " 
border="0">
  <p>
                        Dear <span class="V1Gray"> xxxx&nbsp;(xxxx () xxxx org
),</span></p>
<p>
                        This e-mail is the notification of recent innovations taken by eBay to detect inactive 
customers and


 non-functioning billing process.<br>
                        The inactive customers are subject to restriction and removal in the next 3 days. <br>
                        You must click the link to complete the process.</p>
<p><a 
href="http://signin.ebay.com.aw-cgi2.com/eBayISAPI.dll?VerifyID&PlaceInfo&LogUID=xxxx;UserRoute=2574-h04b-ug97";>http://signin.ebay.com/eBayISAPI.dll?Signln&amp;UserIDmail=xxxx
 () xxxx org
</a>  <span class="style3"> =


    type=state&amp;param=xxxx-2574-h04b-ug97</span></p>
<p align="left">(To complete the verification process you must fill in all the required fields)</p>
<p> Notice: Refusal to cooperate in an investigation or provide confirmation of identity when requested are subject 
to restriction and removal in the next 3 days </p>
<p>Regards,<br>
  Customer Support (Trust and Safety Department),  <span class="style3"> </span></p></td>
</tr>
<tr>
<td height="10"></td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td width="100%" bgColor="#9999cc"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif"; width="1"></td>
</tr>
</tbody>
</table>
</td>
<td bgColor="#9999cc" width="1"><img height="1" src="http://pics.ebaystatic.com/aw/pics/s.gif"; width="1"></td>
</tr>
</tbody>
</table>
<hr size="1"></td>
</tr>
</table>
</body>
</html>


--
Public key at http://www.jriver.com/~gateley





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault