[Dshield] New Phish - AntiPhishing.org?

Chris Wright dshield at yaps4u.net
Fri Aug 19 15:13:20 GMT 2005


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Holmes, Alan
> Sent: Friday, August 19, 2005 2:11 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] New Phish - AntiPhishing.org?
> Hey, does anyone know what became of www.antiphishing.org 
> <http://www.antiphishing.org> ?  They haven't updated their 
> site since the end of June.
> I got a really good eBay phish yesterday telling me that eBay 
> was disabling or severely restricting inactive eBay accounts. 
>  I haven't bought anything (or sold) on eBay for a few months 
> so it caught my attention.
> As per my usual procedure, rather than clicking on the link, 
> I went to eBay's site, logged in and found no such 
> information.  A view-source on the email had the hyperlink 
> actually go to a subdirectory (starting with a "."
> so that it wouldn't show up on an "ls") HVAC company's 
> website.  Clearly the company's server was hacked and used to 
> collect all of the information in a form.
> I went to the antiphishing site and did a search to make sure 
> that the phish I saw was listed (as I have pointed many 
> people to this site in the past when they receive suspicious 
> emails).  No recent information.  Oh well.
> What was interesting about this phish is that not only did it 
> have my home email address (duh, I got the email) but it had 
> the correct corresponding eBay user ID which looks nothing 
> like the username part of my home email address.  That's what 
> made it look so convincing.
> Think I should report this to eBay?  What about the company's 
> website that got hacked?
> Alan

Ebay NEVER EVER send out emails making references to your account unless in
response to one that you have sent them.  (They might send out generic
emails, but I can't remember the last time I received one, but to repeat,
they NEVER NEVER EVER send out emails regarding account information, period.

These emails like the ones that you got above are sent to 100's of 1000's of
users.  It redirects you to a site but a uses parts of the ebay site
graphics to make it appear real.  They have not hacked EBAYS servers at all.
I don't know how they got your Ebay User ID, and that is the first time I
have heard of that.

You can report it to ebay by forwarding the original email to :
spoof at ebay.co.uk
(if you ever get a paypal spoof, funnily enough send it to
spoof at paypal.co.uk)
Replace .co.uk with .com or whatever tld/region you are in.

I usually send on ebay/paypal phishing attempts to the spoof addresses.
All other phishing attempts (banks and Nigerian) go to the antiphishing.org

But not that I think I can ever say it too many times, No respectable
company EVER EVER sends out an email requesting you to go anywhere and enter
your username and password. EVER EVER EVER.

If you want the absolute best, the most up to date,
anti-phishing/anti-virus/anti-Trojan tool in the world, it is called common
sense and can be downloaded from your parents and peers.  Bin the rest, they
are crap.  Just use CS !!!



More information about the list mailing list