[Dshield] Email and Websites Impersonating eBay

Johannes Ullrich jullrich at euclidian.com
Sat Oct 18 16:52:08 GMT 2003


yes. they are all to common (with varying sophistication).

if you receive such an email, or hear about a site like this,
contact 'spoof at ebay.com'. They will send their attack lawyers
after them.

Unfortunately, there is not that much that can be done about these
sites. They frequently use 'auto pilot' hosting companies in hard
to reach countries. I wouldn't be surprised if many of the systems
that host these pages are hacked.

Overall, the best thing to do is user education. But this is also
the hard part. Its not always easy to spot these fake sites. They
frequently use 'obfuscated' host names and sometimes they even
manage to use SSL. When was the last time you checked the content
of an SSL certificated. (yes, it is ... but SSL isn't of much help
to find out)

Overall, the best 'tip' is probably to avoid clicking on any URL if you
intend to enter personal information. Rather type the URL yourself (e.g.
'http:/www.ebay.com' ) and follow links from that site :-/


hehe... little challange:
how do you know that 'https://secure.dshield.org' is actually associated
with 'DShield.org', myself or the SANS Institute?




On Sat, 2003-10-18 at 08:18, Parreira Juan Manuel wrote:
> These requests often include links to Web pages that will request a sign in
> and submit information.
> 
> http://211.35.244.54:199/index.htm
> 
> jUAN maNUEL pARREIRA
> 
> ______________________________________________________________________
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
-- 
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the 
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------





More information about the list mailing list