They are getting better and better at this :)

Here is an email I found in my bulk folder recently. I was curious to look into it. I knew it was a wrong email.

eBay Phishing email

From:

Subject :

Body

Notes

  • Overall, the email looks quite authentic! (But it is not.)
  • They used all images from the actual eBay website.
  • The privacy statement and user agreement links also point to the actual eBay website. Well, no harm there.
  • Cleverly, the actual link to the phishing website was an image, which points to “ebaystatic.com”. I don’t think that it is a valid eBay domain. I am not sure, though.

Where is the catch?

  • You only find the catch when you see where that image button actually goes (check it with “view source”):
<a target="_blank" rel="nofollow"
   href="http://rds.yahoo.com/_ylt=A0ylu=X3oDXzc1/SIG=148vsd1jp/EXP=1138544186/**http://68.179.141.65/login.php">
<img border="0"
     src="http://pics.ebaystatic.com/aw/pics//email/btnRespond.gif"
     width="193" height="22">
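
The manual “view source” check above can be automated. The following Python is an added example, not part of the original post: it unwraps the `/**` redirector form seen in the quoted link and flags any anchor whose final host is an IP literal or outside an allowlist. The names `final_target`, `LinkCollector` and `audit`, the `trusted` allowlist, and the sample markup are assumptions made for the illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed sample: the quoted button (redirector token shortened) plus one ordinary link.
SAMPLE = ('<a href="http://rds.yahoo.com/_ylt=X/SIG=Y/EXP=1138544186/**http://68.179.141.65/login.php">'
          '<img src="http://pics.ebaystatic.com/aw/pics//email/btnRespond.gif"></a>'
          '<a href="http://www.ebay.com/">User Agreement</a>')

def final_target(url):
    """Unwrap redirector URLs that carry the real destination after '/**'."""
    while "/**" in url:
        url = unquote(url.split("/**", 1)[1])
    return url

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkCollector(HTMLParser):  # collects each <a href> with the <img> sources nested in it
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = {"href": attrs["href"], "images": []}
            self.links.append(self._current)
        elif tag == "img" and self._current is not None and attrs.get("src"):
            self._current["images"].append(attrs["src"])
    def handle_endtag(self, tag):
        self._current = None if tag == "a" else self._current

def audit(html, trusted=("ebay.com",)):  # trusted: assumed allowlist chosen by the caller
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for link in collector.links:
        dest = final_target(link["href"])
        host = urlsplit(dest).hostname or ""
        checks = {"redirector": dest != link["href"], "ip-literal host": is_ip_literal(host),
                  "untrusted host": not any(host == d or host.endswith("." + d) for d in trusted)}
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append({"host": host, "reasons": reasons, "images": link["images"]})
    return findings
```

Calling `audit(SAMPLE)` reports only the button link, with the image source listed beside the host the click would actually reach.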

Good try! But we know better :) Please remember:

  • A good and genuine website will never ask and solicit users to enter login & password information. Most of us know that, but a good reminder does not hurt :)
