26th July 2006, 8:42 AM
<TABLE class=Article_Table cellSpacing=0 cellPadding=11 width="100%"><TBODY><TR><TD class=Article_IntroCell>
Reprinted from TovenSolutions Web Site
Visit orignal article: [Here]
Beware of Phishing (New Internet threat)
Posted by etoven on Wednesday, July 26, 2006 (EST)
A new internet threat has been identified by TovenSolutions that could lead to identity theft. It's called phishing, or otherwise known as spoofing.
</TD></TR><TR><TD class=Article_BodyCell>The threat
A new internet threat has been identified by TovenSolutions that could lead to identity theft. It's called phishing, or otherwise known as spoofing.
Step 1 of this scam is to create a bot. In the threat that we identified a bot reads threw eBay listings and gathers some public information about your account. Public information includes items you listed and your email address.
Step 2 of the scam involves the bot sending out an email to you using the email address it found on your eBay home page. The email renders to look identical to an official "user has sent you a question" email from eBay.
Step 3 of the scam presents you a link to supposedly your eBay account in the generated email. Since there is a link in the official email as well, this usually arouses no suspicion. The link in the email however does not take you to an official eBay server instead it takes you to a spoof server that has a similar domain name or URL. The page your taken to looks identical to the official eBay login page complete with false Vera sign logo. The unsuspecting user enters in their login information and the false page now has stolen your eBay login. The page then submits your information to the real eBay logon page, which sends you an your way, and your none the wiser.
What you can do
My suggestion is to download Internet Explorer 7 which has a built in phishing filter which is live and always up to date. Using Internet Explorer 7 you can report sites that look suspicious as well.
Another method is to look for a VeriSign logo on the page. Click on the logo and look for "Identity Verified" in the page, also make sure it as a genuine VeriSign seal it should start with "https://seal.verisign.com", with nothing in front of it. If the URL starts with anything but "https://seal.verisign.com" it is a fake site and should be closed out immediately.
One final technique for identifying phishing sites is to closely examine the URL. Look for URLs like "http://sfsdfsf.com:8080/http:my.ebay.com", two http's or a valid URL inside of another URL is a sure sign of a spoof.
</TD></TR></TBODY></TABLE>
Reprinted from TovenSolutions Web Site
Visit orignal article: [Here]
Beware of Phishing (New Internet threat)
Posted by etoven on Wednesday, July 26, 2006 (EST)
A new internet threat has been identified by TovenSolutions that could lead to identity theft. It's called phishing, or otherwise known as spoofing.
</TD></TR><TR><TD class=Article_BodyCell>The threat
A new internet threat has been identified by TovenSolutions that could lead to identity theft. It's called phishing, or otherwise known as spoofing.
Step 1 of this scam is to create a bot. In the threat that we identified a bot reads threw eBay listings and gathers some public information about your account. Public information includes items you listed and your email address.
Step 2 of the scam involves the bot sending out an email to you using the email address it found on your eBay home page. The email renders to look identical to an official "user has sent you a question" email from eBay.
Step 3 of the scam presents you a link to supposedly your eBay account in the generated email. Since there is a link in the official email as well, this usually arouses no suspicion. The link in the email however does not take you to an official eBay server instead it takes you to a spoof server that has a similar domain name or URL. The page your taken to looks identical to the official eBay login page complete with false Vera sign logo. The unsuspecting user enters in their login information and the false page now has stolen your eBay login. The page then submits your information to the real eBay logon page, which sends you an your way, and your none the wiser.
What you can do
My suggestion is to download Internet Explorer 7 which has a built in phishing filter which is live and always up to date. Using Internet Explorer 7 you can report sites that look suspicious as well.
Another method is to look for a VeriSign logo on the page. Click on the logo and look for "Identity Verified" in the page, also make sure it as a genuine VeriSign seal it should start with "https://seal.verisign.com", with nothing in front of it. If the URL starts with anything but "https://seal.verisign.com" it is a fake site and should be closed out immediately.
One final technique for identifying phishing sites is to closely examine the URL. Look for URLs like "http://sfsdfsf.com:8080/http:my.ebay.com", two http's or a valid URL inside of another URL is a sure sign of a spoof.
</TD></TR></TBODY></TABLE>