Sunday, November 21, 2004

Be warned - there is yet another phishing email going around - this one is a bit more sophisticated than some of the others.

It arrives at the email address you registered with eBay. It seems to be from eBay, and looks official. It even has all of the eBay copyright text and legal stuff at the bottom.

The subject was "Your Final warning from eBay"

Body of email was as below:


>*Place or Update Credit Card on File*
>
>
>Dear *eBay Customer *,
>
>This is your final warning about the safety of your eBay account. If you do not
>update your billing informations your access on eBay will be restricted and the
>user deleted. This might be due to either following reasons:
>
> - A recent change in your personal information (i.e. change of address)
> - Submiting invalid information during the initial sign up process.
> - An inability to accurately verify your selected option of payment due an internal error within our processors.
>
>
>Your credit card on file with eBay
>
>
>Card number: XXXX-XXXX-XXXX-4322 (Not shown for security purposes)
>Expiration date: 11/05
>
>Please sign in to your eBay account and update your billing information:
>
> http://signin.ebay.com/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US"
> http://mail.badidea.com/.signin.ebay.com/ws/eBayISAPIdllSignIn.php


Please note that this is NOT any card I have ever owned, so they made this up to make it look more official. The first line is what they show you in the link text, the second line is where the link actually goes to. badidea? NOT EBAY!

If you have HTML enabled in your email client, as Outlook does by default, you will only see the top address, which looks like it goes to eBay. When you click on it, you go to the second, hidden address, which likely leads to a website that looks just like eBay's but is designed to steal your account information, or may even be infected with a virus or trojan that will infect anyone who visits the website. (I edited the real name out just in case anyone was silly enough to try to visit that place.)

The rest of the email finishes with the standard threat and legal stuff:


>
>If your account information is not updated, your ability to sell or bid on eBay
>will become restricted.
>
>Thank you,
>eBay Billing Department
>
>--------------------------------------------------------------------------------
>eBay treats your personal information with the utmost care, and our Privacy
>Policy is designed to protect you and your information. eBay will never ask
>their users for personal information, such as bank account numbers, credit card
>numbers, pin numbers, passwords, or Social Security numbers in an email. For
>more information on how to protect your eBay password and your account, please
>visit User Account Protection.
>This eBay notice was sent to you based on your eBay account preferences and in
>accordance with our Privacy Policy. To change your notification preferences,
>click here. If you would like to receive this email in text format, click here.
>
>Copyright © 2004 eBay Inc. All Rights Reserved.
>Designated trademarks and brands are the property of their respective owners.
>eBay and the eBay logo are trademarks of eBay Inc.



All of the links and text in the last part are apparently lifted from a real eBay email, as the links all go to the real eBay site. Very sneaky.