I guess e-bay had some problems? A few users got this message from them.
Dear eBay user!
At 09.24.2003 our company has lost a number of accounts in the system during the database maintenance. If you have an active account, please click on the link below to update your credit card information. If you have problems with your account, please let us know at email support@ebay.com <mailto:support@ebay.com>
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation <https://e%31bay.com/saw-cgi/?UpdateInformation>
On Fri Sep 26, 2003 at 12:25:52PM -0400, Mike Tomasura wrote:
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation <https://e%31bay.com/saw-cgi/?UpdateInformation> ^^^^^^^
Looks like another scam Simon -- Simon Lockhart | Tel: +44 (0)1628 407720 (x37720) | Si fractum Technology Manager | Fax: +44 (0)1628 407701 (x37701) | non sit, noli BBC Internet Operations | Email: Simon.Lockhart@bbc.co.uk | id reficere BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK
On Fri, 26 Sep 2003, Mike Tomasura wrote:
I guess e-bay had some problems? A few users got this message from them.
Dear eBay user!
At 09.24.2003 our company has lost a number of accounts in the system during the database maintenance. If you have an active account, please click on the link below to update your credit card information. If you have problems with your account, please let us know at email support@ebay.com <mailto:support@ebay.com>
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation <https://e%31bay.com/saw-cgi/?UpdateInformation>
The fact that the url is e-bay.com and they don't have a valid certificate is a good indication that this is a scam. There are lots of them that look very similar. K
I guess e-bay had some problems? A few users got this message from
On Friday, 2003-09-26 at 12:25 AST, Mike Tomasura <MTomasura@BradleyCaldwell.com> wrote: them.
Dear eBay user!
At 09.24.2003 our company has lost a number of accounts in the system during the database maintenance. If you have an active account, please click on the link below to update your credit card information. If you have problems with your account, please let us know at email support@ebay.com <mailto:support@ebay.com>
https://cgi.ebay.com/saw-cgi/eBayISAPI.dll?UpdateInformation <https://e%31bay.com/saw-cgi/?UpdateInformation>
This is a clever attempt to harvest ebay account information. The message, with the subject "Official Notice for all eBay users" consists of 2 parts: 1. An html section, which includes a link to (don't click on this) http://scgi.ebay.com@%32%31%31%2E%32%31%37%2E%32%32%34%2E%31%=30%32:%34%39%3..., and a display of "pic.gif". 2. A base 64 attachment - pic.gif. What you normally see when you open the message is just the gif file. But the gif appears to be text, including a picture of the text asking you to click on "http://scgi.ebay.com/saw-cig/eBayISAPI.dll?VerifyInformation" But the real link (as might be displayed at the bottom of your mail client window if it gives you a preview of links) is the one shown in #1. And that link doesn't go to ebay.com - it really goes to 211.217.224.102, port 4901. That is because everything in front of the "@" is treated by your browser as data (a userid, in theory) to be passed to the target host, not as the host name. That target web server, when it was working, displayed a page that is forged to look like an ebay page, asking you to reenter your ebay userid and password. Don't do it! Today, the host at 211.217.224.102 is no longer listening on port 4901. Tony Rall
participants (4)
-
Krzysztof Adamski
-
Mike Tomasura
-
Simon Lockhart
-
Tony Rall