Nasty Phishing Email/Site

I use eBay semi-regularly, but I don’t tend to sell stuff on it, and there’s no way they’d have my credit card number on file, or any sort of regular payment. So the email pictured below was clearly (to me) a phishing attempt. What makes this one different to most that I have seen is that there aren’t any spelling or grammatical errors, or at least none I picked up on a casual read. And I tend to notice these types of errors. With no intention of putting in my real details, I copied and pasted the URL (Gmail had kindly noticed that it was a phishing attempt, and had spam-binned it already), which clearly wasn’t an eBay address. The site that came up was rather ‘correct’ looking, even though there is a tipoff here: right at the bottom it says:

Be sure the website address you see above starts with https://signin.ebay.com/

and it clearly doesn’t. It does have that in there, though, and that might be enough to fool a less experienced user. Knowing full well that this was a phishing attempt, I put in a nonsense username and password combination: adolf.hitler and nazism. Unsurprisingly, it appeared as though I had logged in, and loaded up the next page, which is very scary. Okay, so you want my credit card number, and the three-digit authorisation code, but also my PIN? Fuck-a-duck. Anyone who puts that in there is just a wanker. Seriously, if the banks say don’t give your PIN to anyone, why would you need to give it to eBay?

I have come up with what perhaps should be the first step in testing to see if a site is a phishing attempt or not: make up a garbage username/password combination, and see if that works. If it does, it certainly is a fake. I always try to visit phishing sites, and create several fake usernames and passwords, in order to at least dilute the effectiveness of the attempt. If the owners have to risk noticeable behaviour by typing in wrong password/username combinations, it might make the phish less worthwhile. I’d like even more to automate scripts that hit a phish server thousands of times, with faked usernames and passwords. One day.
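Two of the points above lend themselves to a small script, so here is an added example (my code, not anything from the original post or from eBay). The first function applies the page's own rule: a real sign-in URL starts with https://signin.ebay.com/, and the phish merely contains that string somewhere else, so the check parses the URL and compares the actual host rather than searching for the substring. The second part is the garbage-credentials test: generate a username/password pair that cannot belong to anyone, and treat "logged in" as evidence of a fake. The verdict logic runs offline; actually POSTing is split into its own function, and its form field names are assumptions that will need adjusting to the form in front of you. Every URL in the block is a constructed sample using documentation domains and addresses, not a real site.

```python
"""Added example: URL-origin check and garbage-credentials test for a
suspected phishing login page.  Not code from the original post."""
import secrets
import string
import urllib.error
import urllib.request
from urllib.parse import urlencode, urlparse

# What the genuine page itself tells the user to look for.
EXPECTED_SCHEME = "https"
EXPECTED_HOST = "signin.ebay.com"


def is_real_signin_url(url: str) -> bool:
    """True only if the scheme and the *parsed host* match.

    urlparse separates userinfo (user@), port, path and query, so
    'https://signin.ebay.com@evil.example/' and
    'https://evil.example/signin.ebay.com/' are both rejected even though
    the string 'signin.ebay.com' appears in each of them.
    """
    parts = urlparse(url)
    if parts.scheme.lower() != EXPECTED_SCHEME:
        return False
    host = (parts.hostname or "").lower()
    return host == EXPECTED_HOST


def garbage_credentials(count: int = 1, length: int = 12):
    """Generate username/password pairs no real account could have."""
    alphabet = string.ascii_lowercase + string.digits
    pairs = []
    for _ in range(count):
        user = "u_" + "".join(secrets.choice(alphabet) for _ in range(length))
        pwd = "".join(secrets.choice(alphabet + "!$%&*") for _ in range(length))
        pairs.append((user, pwd))
    return pairs


# Phrases a genuine login form shows when it rejects credentials.
FAILURE_MARKERS = ("invalid", "incorrect", "try again",
                   "not recognised", "not recognized")


def garbage_login_accepted(status: int, body: str) -> bool:
    """Verdict for the garbage-credentials test.

    A real login endpoint has a user database and rejects nonsense: it
    returns 4xx or re-renders the form with an error.  A phish cannot check
    anything, so it usually redirects straight to the next page (card
    details) or returns 200 with no error text.  This is a heuristic:
    treat True as a strong signal, not proof.
    """
    if 300 <= status < 400:
        return True
    if status >= 400:
        return False
    lowered = body.lower()
    return not any(marker in lowered for marker in FAILURE_MARKERS)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface 3xx responses instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def send_garbage_login(login_url: str, user_field: str = "userid",
                       pass_field: str = "pass"):
    """POST one garbage pair to login_url; return (accepted, user, pwd).

    Only point this at a site you have already identified as a phish.
    The field names are assumptions; read them off the form's HTML.
    """
    (user, pwd), = garbage_credentials(1)
    data = urlencode({user_field: user, pass_field: pwd}).encode()
    req = urllib.request.Request(login_url, data=data, method="POST")
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=15) as resp:
            status, body = resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx land here
        status, body = err.code, err.read().decode(errors="replace")
    return garbage_login_accepted(status, body), user, pwd


if __name__ == "__main__":
    # Constructed samples: the only real one is the first.
    for sample in ("https://signin.ebay.com/ws/eBayISAPI.dll?SignIn",
                   "https://signin.ebay.com.example.net/ws/eBayISAPI.dll",
                   "http://203.0.113.5/signin.ebay.com/",
                   "https://signin.ebay.com@evil.example/"):
        print(is_real_signin_url(sample), sample)
```

The host comparison is deliberately an exact match, because that is the rule the page itself gives; a looser "ends with .ebay.com" check would also pass a lookalike like `signin.ebay.com.example.net` only if you forgot the leading dot, which is exactly the kind of slip the substring trick relies on. The dilution idea from the post is just `send_garbage_login` called repeatedly; I have left that loop out.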