IWETHEY v. 0.3.0 | TODO
1,095 registered users | 1 active user | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Nasty phish
Can anyone explain why the following link looks so legit when you load it? (No, I won't make it clickable. Copy and paste it.)

signin.ebay.com/ws/eBayISAPI.dll?SignInMCAlert&ru=http://www.houseofhope.ro/signin/ws2/eBayISAPI.dll/SignIncopartnerId2pUserId/pageTypepa1i1bshowgif/UsingSSL/i.html
===

Kip Hawley is still an idiot.

===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
http://DocHope.com
Expand Edited by drewk Dec. 22, 2006, 10:18:24 PM EST
New Huh..?
Well I ain't no expert but...
Since the first Phish addy is usually in xxx.xxx.etc. URL notation, prior to any authentic one, and here -- it's

www.houseofhope.ro

I'd call this an Obvious Phish - even if I weren't already familiar with eBay layout habits.

I mean - no viable 'address' should precede ebay.com - right?
Or am I missing something subtle?

('Course too - re. any communication "from eBay": one goes to My eBay to verify legitimacy.) There are few email links I'd ever clicky clicky sans-Thinking (Salon is one.)

I get about 2-4 a week; most are immediately obv. via mouse-over. Sometimes (if it's an org which I use - I'll send a copy along.. to fraud@ incl. several like this: to eBay. Not that I imagine that they spend more than $666/year "Hunting Fraudsters" - for all their Billions.

It takes a Village and a p-p-p-Powerbook to really OUT-scam one of these mothers.

New Oops, forgot to turn off the url converter
Look again. The URL starts with a real eBay url.
===

Kip Hawley is still an idiot.

===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New Hmmm
I don't see the protocol specifier at the beginning of that url. They might be trying to catch people with certain unpatched browsers only reading the part of the URL after the first actual instance of "http://" in it. Currently, that leads to a 404, but it's always possible that that wasn't the case a day or so ago...
New It looks like they're using Ebay's own redirects.
Looks like a security hole in Ebay's login processing, but I'm not sure how it could send your loging details to the phisher's site. That *might* be why they haven't fixed it, but it's not a hole I'd leave open, anyway.

Wade.
"Don't give up!"
[link|http://staticsan.livejournal.com/|blog] · [link|http://yceran.org/|website]
New something slightly different in my inbox
click on the response tab gives you
[link|http://0xdd.0x6.0xf.0x8a/ws/eBayISAPI.dll|http://0xdd.0x6.0xf..../ws/eBayISAPI.dll] for some reason I couldnt find that ip address :-)
thanx,
bill
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free american and do not reflect the opinions of any person or company that I have had professional relations with in the past 51 years. meep

reach me at [link|mailto:bill.oxley@cox.net|mailto:bill.oxley@cox.net]
New I've seen several of those, from "eBay".
     Nasty phish - (drewk) - (6)
         Huh..? - (Ashton) - (2)
             Oops, forgot to turn off the url converter - (drewk) - (1)
                 Hmmm - (jake123)
         It looks like they're using Ebay's own redirects. - (static)
         something slightly different in my inbox - (boxley) - (1)
             I've seen several of those, from "eBay". -NT - (Another Scott)

Sanctioned by GRR.
154 ms