[Dshield] Email and Websites Impersonating eBay

Robert Dodd bobdodd at sheperd.com
Sat Oct 18 18:21:46 GMT 2003


In a similar vein, but slightly OT for this group, my bank has sent out
material from address at banknamehere.m0.net

I contacted customerrelations at banknamehere.com to confirm that the message
was really from them and explained that this was a bad idea. Anyone can set
up address at banknamehere.mydomain.com

I've gotten no response. I'm tempted to do it and begin correspondence. I
wonder if they would even notice.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org]On
Behalf Of Johannes Ullrich
Sent: Saturday, October 18, 2003 9:52 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Email and Websites Impersonating eBay



yes. they are all to common (with varying sophistication).

if you receive such an email, or hear about a site like this,
contact 'spoof at ebay.com'. They will send their attack lawyers
after them.

Unfortunately, there is not that much that can be done about these
sites. They frequently use 'auto pilot' hosting companies in hard
to reach countries. I wouldn't be surprised if many of the systems
that host these pages are hacked.

Overall, the best thing to do is user education. But this is also
the hard part. Its not always easy to spot these fake sites. They
frequently use 'obfuscated' host names and sometimes they even
manage to use SSL. When was the last time you checked the content
of an SSL certificated. (yes, it is ... but SSL isn't of much help
to find out)

Overall, the best 'tip' is probably to avoid clicking on any URL if you
intend to enter personal information. Rather type the URL yourself (e.g.
'http:/www.ebay.com' ) and follow links from that site :-/


hehe... little challange:
how do you know that 'https://secure.dshield.org' is actually associated
with 'DShield.org', myself or the SANS Institute?




On Sat, 2003-10-18 at 08:18, Parreira Juan Manuel wrote:
> These requests often include links to Web pages that will request a sign
in
> and submit information.
>
> http://211.35.244.54:199/index.htm
>
> jUAN maNUEL pARREIRA
>
> ______________________________________________________________________
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
--
--------------------------------------------------------------
Johannes Ullrich                     jullrich at euclidian.com
pgp key: http://johannes.homepc.org/PGPKEYS
--------------------------------------------------------------
   "We regret to inform you that we do not enable any of the
    security functions within the routers that we install."
         support at covad.net
--------------------------------------------------------------


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list