Internet threat exposed - Printable Version

Internet threat exposed - Printable Version

+- Tendo City (https://www.tendocity.net)
+-- Forum: Tendo City: Metropolitan District (https://www.tendocity.net/forumdisplay.php?fid=4)
+--- Forum: Ramble City (https://www.tendocity.net/forumdisplay.php?fid=44)
+--- Thread: Internet threat exposed (/showthread.php?tid=3916)

Internet threat exposed - etoven - 26th July 2006

<TABLE class=Article_Table cellSpacing=0 cellPadding=11 width="100%"><TBODY><TR><TD class=Article_IntroCell>

Reprinted from TovenSolutions Web Site
Visit orignal article: [Here]

Beware of Phishing (New Internet threat)

Posted by etoven on Wednesday, July 26, 2006 (EST)

A new internet threat has been identified by TovenSolutions that could lead to identity theft. It's called phishing, or otherwise known as spoofing.

</TD></TR><TR><TD class=Article_BodyCell>The threat

A new internet threat has been identified by TovenSolutions that could lead to identity theft. It's called phishing, or otherwise known as spoofing.

Step 1 of this scam is to create a bot. In the threat that we identified a bot reads threw eBay listings and gathers some public information about your account. Public information includes items you listed and your email address.

Step 2 of the scam involves the bot sending out an email to you using the email address it found on your eBay home page. The email renders to look identical to an official "user has sent you a question" email from eBay.

Step 3 of the scam presents you a link to supposedly your eBay account in the generated email. Since there is a link in the official email as well, this usually arouses no suspicion. The link in the email however does not take you to an official eBay server instead it takes you to a spoof server that has a similar domain name or URL. The page your taken to looks identical to the official eBay login page complete with false Vera sign logo. The unsuspecting user enters in their login information and the false page now has stolen your eBay login. The page then submits your information to the real eBay logon page, which sends you an your way, and your none the wiser.

What you can do

My suggestion is to download Internet Explorer 7 which has a built in phishing filter which is live and always up to date. Using Internet Explorer 7 you can report sites that look suspicious as well.

Another method is to look for a VeriSign logo on the page. Click on the logo and look for "Identity Verified" in the page, also make sure it as a genuine VeriSign seal it should start with "https://seal.verisign.com", with nothing in front of it. If the URL starts with anything but "https://seal.verisign.com" it is a fake site and should be closed out immediately.

One final technique for identifying phishing sites is to closely examine the URL. Look for URLs like "http://sfsdfsf.com:8080/http:my.ebay.com", two http's or a valid URL inside of another URL is a sure sign of a spoof.

</TD></TR></TBODY></TABLE>

Internet threat exposed - Weltall - 26th July 2006

But... phishing's been around, like, forever.

And, my solution is simpler than downloading Microsoft's Mozilla Clone; Don't ever click links in your email that you didn't expressly request.

I'm a god damn genius.

Internet threat exposed - Dark Jaguar - 26th July 2006

"New"? Yes, it has been around forever. Very simple thing here. Use common sense. Most people may actually need a filter, but if I try going to Nintendo.com and it's actually Nuntendo.com and it asks for my personal data, I think I'll be able to avoid it easily.

Phishing, like virii, is only a threat to the naive.

It's worms you have to look out for, or anything that uses security exploits to somehow install themselves without your permission.

Internet threat exposed - etoven - 26th July 2006

The new threat I was referring to was the particular bot the article talks about.

Internet threat exposed - etoven - 26th July 2006

Ryan Wrote:But... phishing's been around, like, forever.

And, my solution is simpler than downloading Microsoft's Mozilla Clone; Don't ever click links in your email that you didn't expressly request.

I'm a god damn genius.

I would think you would wish to respond to a eBay item question, and the URL masking on the site the link takes you to was damn near brilliant.

The spoof er in this case made use of the fact that an eBay URL is usually full of post data redirects, and query strings. The average person would just click on the email link to respond to the question, and probably would not even look at the URL in the address bar. Remember the email sender address was spoofed, the message is bit for bit identical to the real thing and appears to be emailed from eBay servers.

Internet threat exposed - Weltall - 26th July 2006

I've gotten several such emails before, always inquiring about items I'm supposedly selling.

Which is funny, because I've sold all of maybe three or four items on ebay in my entire life.

Still, even though it may now be a bot doing the job and not a single individual, the techniques look the same to me, and I'd know what to look at before I ever thought to click a link.

Internet threat exposed - Weltall - 26th July 2006

I mean, every link relevant to the item is very obviously fake.

Internet threat exposed - etoven - 26th July 2006

Every link on this page leads to a spoofed site:

<TABLE id=table1 cellSpacing=0 cellPadding=0 width="100%"><TBODY><TR><TD style="WORD-WRAP: break-word" width="100%"><TABLE id=table2 cellSpacing=0 cellPadding=0 width="100%" border=0 xmlns:x="urn:schemas-microsoft-com:xslt"><TBODY><TR><TD><TABLE id=table3 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD><TABLE id=table4 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>eBay sent this m</TD><TD>ess</TD><TD>age to n</TD><TD>ick</TD><TD>mccordcomputers.</TD></TR></TBODY></TABLE><TABLE id=table5 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>Your r</TD><TD>egi</TD><TD>stered name is included to show this </TD><TD>mes</TD><TD>sage ori</TD><TD>gin</TD><TD>ate</TD><TD>d f</TD><TD>rom </TD><TD>eBa</TD><TD>y. </TD><TD>Learn more.</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE><TABLE id=table6 cellSpacing=0 cellPadding=0 width="100%" bgColor=white border=0><TBODY><TR><TD noWrap width="1%"> [Image: hdrLeft_13x39.gif]

</TD><TD noWrap width="98%" background=http://pics.ebaystatic.com/aw/pics/email/syiSessions/imgSpan_5x39.gif><TABLE id=table7 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>Question a</TD><TD>bou</TD><TD>t </TD><TD>Ite</TD><TD>m -- Respond Now</TD></TR></TBODY></TABLE></TD><TD vAlign=bottom noWrap width="1%"> [Image: hdrRight_90x39.gif]

</TD></TR></TBODY></TABLE><TABLE id=table8 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD> [Image: s.gif]

</TD><TD><TABLE id=table9 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD><TABLE id=table10 style="BORDER-RIGHT: #9999cc 1px solid; BORDER-LEFT: #9999cc 1px solid; BORDER-BOTTOM: #9999cc 1px solid" width="100%" bgColor=#eeeef8 border=0><TBODY><TR><TD style="PADDING-LEFT: 8px" height=30>eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages.</TD></TR></TBODY></TABLE></TD><TD> [Image: s.gif]

</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD><TABLE id=table11 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD> [Image: s.gif]

</TD><TD vAlign=top><TABLE id=table12 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD vAlign=top><TABLE id=table13 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD><TABLE id=table14 cellSpacing=0 cellPadding=1 width="100%" align=center bgColor=#9999cc border=0><TBODY><TR bgColor=#9999cc height=26><TD>Question from bestcustomer92</TD></TR><TR><TD><TABLE id=table15 cellSpacing=0 cellPadding=0 width="100%" align=center border=0><TBODY><TR bgColor=#eeeeee><TD><TABLE id=table16 cellSpacing=4 cellPadding=0 width="100%"><TBODY><TR><TD><TABLE id=table17 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD>Item: Seagate 160G harddrive (260011310351)</TD></TR></TBODY></TABLE><TABLE id=table18 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>This message was </TD><TD>sen</TD><TD>t while the </TD><TD>lis</TD><TD>ting was </TD><TD>active.</TD></TR></TBODY></TABLE></TD></TR><TR><TD>bestcustomer92 is a potential buyer.</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR bgColor=#c6c6c6><TD> [Image: s.gif]

</TD></TR><TR bgColor=#ffffff><TD><TABLE id=table19 cellSpacing=0 cellPadding=4><TBODY><TR><TD vAlign=top width="75%">Hi, I would like to know if is possible to ship to New Jersey? I am very interested so I'll wait a response. Have a nice day

</TD><TD vAlign=top align=middle width="22%"><TABLE id=table20 borderColor=#999999 cellSpacing=0 cellPadding=0 width="100%" bgColor=#eeeef8 border=1><TBODY><TR><TD><TABLE id=table21 cellSpacing=3 cellPadding=3 width="100%"><TBODY><TR><TD align=middle>Respond to this question in My Messages.</TD></TR><TR><TD align=middle> [Image: btnRespondNow.gif]

</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD><TD width="3%"></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD><TABLE id=table22 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR bgColor=#9c9c9c><TD colSpan=3> [Image: s.gif]

</TD></TR><TR bgColor=#d6deff height=22><TD align=left width="1%"> [Image: s.gif]

</TD><TD align=left>Item Details</TD></TR><TR bgColor=#ffffff><TD colSpan=3> [Image: s.gif]

</TD></TR><TR bgColor=#fed73b><TD colSpan=3> [Image: s.gif]

</TD></TR></TBODY></TABLE><TABLE id=table23 style="BORDER-RIGHT: #d6dcfe 1px solid; BORDER-TOP: #d6dcfe 1px solid; BORDER-LEFT: #d6dcfe 1px solid; BORDER-BOTTOM: #d6dcfe 1px solid" cellSpacing=0 cellPadding=0 width="100%" bgColor=white><TBODY><TR><TD width="100%"><TABLE id=table24 cellSpacing=0 cellPadding=3 width="100%" border=0><TBODY><TR><TD noWrap width="1%">Item name:</TD><TD>Seagate 160G harddrive</TD></TR><TR bgColor=#f4f4f4><TD noWrap width="1%">Item number:</TD><TD>260011310351</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD><TABLE id=table25 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD> [Image: s.gif]

</TD></TR><TR><TD>View item description:</TD></TR><TR><TD>http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=260011310351&sspagename=ADME:B:AAQ:US:1</TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD>Thank you for using eBay!</TD></TR><TR><TD>http://www.ebay.com/</TD></TR><TR><TD> [Image: s.gif]

</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD><TD vAlign=top width=10> [Image: s.gif]

</TD><TD vAlign=top align=right width=200><TABLE id=table26 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD><TABLE id=table27 style="BORDER-RIGHT: #6b7b91 1px solid; BORDER-TOP: #6b7b91 1px solid; BORDER-LEFT: #6b7b91 1px solid; BORDER-BOTTOM: #6b7b91 1px solid" cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD><TABLE id=table28 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD><TABLE id=table29 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD bgColor=#cad2dd> [Image: imgShield_25x25.gif]

</TD><TD noWrap bgColor=#cad2dd>Marketplace Safety Tip</TD><TD bgColor=#cad2dd> [Image: imgTabCorner_25x25.gif]

</TD></TR></TBODY></TABLE></TD></TR><TR><TD><TABLE id=table30 cellSpacing=0 cellPadding=5 border=0><TBODY><TR><TD>Always remember to <TABLE id=table31 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>[size=2][b]complete your t</TD><TD>ran</TD><TD>sactions </TD></TR></TBODY></TABLE><TABLE id=table32 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>on eBay - it</TD><TD>'s </TD><TD>the saf</TD><TD>er </TD><TD>way to</TD></TR></TBODY></TABLE>trade.[/b]

<TABLE id=table33 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>Is this mes</TD><TD>sag</TD><TD>e an offer to buy </TD></TR></TBODY></TABLE><TABLE id=table34 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>your item </TD><TD>dir</TD><TD>ectly through email </TD></TR></TBODY></TABLE><TABLE id=table35 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>without winning </TD><TD>the</TD><TD>item on</TD></TR></TBODY></TABLE><TABLE id=table36 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>eBay? If so, p</TD><TD>lea</TD><TD>se help make </TD></TR></TBODY></TABLE><TABLE id=table37 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>the eBa</TD><TD>y m</TD><TD>arketplace safer by </TD></TR></TBODY></TABLE>reporting it to us. These "outside of eBay" <TABLE id=table38 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>transactions </TD><TD>may</TD><TD>be unsafe and</TD></TR></TBODY></TABLE>are against eBay policy. Learn more about trading safely.[/size]
</TD></TR></TBODY></TABLE></TD></TR><TR><TD bgColor=#c9d2dc height=5> [Image: s.gif]

</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD><TABLE id=table39 style="BORDER-RIGHT: #c6c6c6 1px solid; BORDER-TOP: #c6c6c6 1px solid; BORDER-LEFT: #c6c6c6 1px solid; BORDER-BOTTOM: #c6c6c6 1px solid" cellSpacing=0 cellPadding=5 width="100%" border=0><TBODY><TR><TD><TABLE id=table40 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>[size=2]Is thi</TD><TD>s e</TD><TD>mail inappropriate? </TD></TR></TBODY></TABLE>Does it violate eBay policy? <TABLE id=table41 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>Help protect t</TD><TD>he </TD><TD>community by</TD></TR></TBODY></TABLE>reporting it.[/size]</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></TD></TR><TR><TD colSpan=3> [Image: s.gif]

</TD></TR></TBODY></TABLE><TABLE id=table42 cellSpacing=0 cellPadding=0 width="100%" bgColor=#cccccc><TBODY><TR><TD height=1></TD></TR></TBODY></TABLE><TABLE id=table43 cellSpacing=0 cellPadding=0 width="100%" border=0><TBODY><TR><TD> [Image: s.gif]

</TD></TR><TR><TD>Learn how you can protect yourself from spoof (fake) emails at:

http://pages.ebay.com/education/spooftutorial
</TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD><TABLE id=table44 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>[size=1]This eBay notice was sent to etoven@tovennet.ne</TD><TD>t o</TD><TD>n </TD><TD>beh</TD><TD>alf of another eBay m</TD><TD>emb</TD><TD>er through the eBa</TD><TD>y p</TD><TD>latform and in</TD></TR></TBODY></TABLE><TABLE id=table45 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>accordance </TD><TD>wit</TD><TD>h our Privacy Policy. If you would like to rec</TD><TD>eiv</TD><TD>e this email in te</TD><TD>xt </TD><TD>fo</TD><TD>rma</TD><TD>t, change your </TD><TD>notification preferences. </TD><TD></TD></TR></TBODY></TABLE>[/size]</TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD>See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.

Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: http://pages.ebay.com/help/policies/user-agreement.html
</TD></TR><TR><TD> [Image: s.gif]

</TD></TR><TR><TD>Copyright © 2006 eBay, Inc. All Rights Reserved.

<TABLE id=table46 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>[size=1]Designate</TD><TD>d t</TD><TD>rademark</TD><TD>s a</TD><TD>nd brands are the pr</TD><TD>ope</TD><TD>rty </TD><TD>of </TD><TD>their respective owners.</TD></TR></TBODY></TABLE><TABLE id=table47 cellSpacing=0 cellPadding=0 border=0><TBODY><TR><TD>eBay and the eBay </TD><TD>log</TD><TD>o ar</TD><TD>e r</TD><TD>eg</TD><TD>ist</TD><TD>ered trademarks or trademarks </TD><TD>of </TD><TD>eBay, Inc.</TD></TR></TBODY></TABLE>eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.[/size]
</TD></TR></TBODY></TABLE>

</TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE>

Internet threat exposed - Weltall - 26th July 2006

You're kidding, right? I can tell which links are from ebay and which redirect to realpm.co.jp.

I clicked the ebay links and they all went to ebay pages. I know they're legit because they recognize my saved login. A spoof site would not.

I didn't click the links that weren't from ebay. I would sincerely hope that clicking any link on this page here would not redirect me to a real spoof site. If they do, kindly remove them.

Internet threat exposed - A Black Falcon - 26th July 2006

They do, look at where the links lead to.

Internet threat exposed - etoven - 26th July 2006

Ryan Wrote:You're kidding, right? I can tell which links are from ebay and which redirect to realpm.co.jp.

I clicked the ebay links and they all went to ebay pages. I know they're legit because they recognize my saved login. A spoof site would not.

I didn't click the links that weren't from eBay. I would sincerely hope that clicking any link on this page here would not redirect me to a real spoof site. If they do, kindly remove them.

The spoofed pages posed no security risk unless some idiot decided to log in to the spoofed page after clearly being told not to. But I agree to air on the side of caution so I removed the links.

But back to my original point....

People don't check the URL coming from a email as legitimate looking as that one. Especially the beginner to novice user which might make up maybe 60% to 70% of the user population. Especially since the items were recently posted for which the bot is completely aware.