search AntBlog701
inside AntBlog701
* AntTunes701 - your music guide.

* my Flickr

iPhone 5

19 July, 2004

phishing websites? Fake websites

A phishing website is where you are sent to page that looks like an official site, but the site really is just designed to steal personal data.

Today, I received one fake email said from eBay.com (the email was sent from IP address 218.154.70.10) with title "Your account at eBay has been suspended".

Without a thought, I knew it was a fake and wanting to steal my data.

So I decided to investigate it.

the phisihing email
screenshot of the email

The email asked me to click
http://signin.ebay.com/aw-cgi/eBayISAPI.dll?Verify
But if I click that the actual link would be
http://signin_ebay_com_account.rndsystems.co.kr:7308/ebay.htm
BINGO

raw source
screenshot of the raw source with highlighted on the link

The real website is rndsystems.co.kr with subdomain signin_ebay_com_account and using an unusual port number 7308. (the usual web pages use port 80)

Now, I am pretty sure it wanted to steal my credit card number, I decided to make a further investigation.

So I went to that URL (with port number 7308), exact link.
And I got following screen...
fake website

I decided to use a fake account, and BINGO, it works, as expected.

Let's see what's inside...
fake ebay website
Asking me my alternative password?

And as expected, asking me my credit card and even bank card number?
fake ebay website

So, if I use my real eBay account information with real password (and all the information they asked for), it is not hard to figure out what would happen.

1. They will use my supplied password to change my password in eBay, and hence, as indicated in the email, "until we can verify your identify no further access to your account will be allowed".

2. you know what will happened to my credit card and even my bank accounts.

My recommendation about those worrying emails... check the raw format (source code OR view source), and look careful, you will see the actual problem.

Additional Information:
When I register an account with eBay, eBay does not ask for my credit card number or bank account number. It is clearly a phishing website.

My advice: Check the source of any questionable emails.

SillyDog701 Message Centre has a discussion on this issue.

Posted by Antony on 19 July 2004 9:54 PM |

more July 2004 blogs. (or 2004 blogs)
from iTunes Store:
comments
Try this next time you get one:
http://www.phishfighting.com/ Paste the web address of the phishing site into the bar and let the program do the rest. It will send a fake e-mail address and fake password every 20 seconds for as long as you leave the page open. You can get over a thousand hits to the phisher's catcher account overnight. This way it will be next to impossible for the phisher to weed through all of the fake ones to get real info.
Posted by Carlos Sanchez on 26 December 2005 3:00 PM.
thanking you for teach us.its so useful post.i learnt so much.
Posted by aman on 22 December 2010 5:50 PM.
post a comment
TypeKey:
|
|



(You may use following HTML tags for comment formatting:
a href, b, i, br, strong, em, blockquote. two blank lines for a new paragraph.)


(Due to recent comment spamming, I need to take some actions. I apologise for inconvenience.)

:
disclaimer
AntBlog701 is an Antony Shen personal weblog. This blog does not represent SillyDog701. This blog may represent Antony Shen's thoughts or things happened around him. You may not use any contents from this blog to accuse Antony Shen. Antony Shen makes no guarantee about the accuracy of this blog.
sponsored links:

inside SillyDog701
* SillyDog701 (front door) - main SillyDog701.
* Message Centre (forums)
* Netscape Browser Archive
* Browser Version Guide
* MacCentre701, Macintosh news and informaiton centre.
- features: H.264 and other codecs comparison
* MozInfo701, Mozilla information and resource centre.
* Switch, simple steps to switch to the browser you can trust.
* Communicator Tips, featured in dynamic HTML presentation.
* Feedback

search SillyDog701
links:


download iTunes
Get a Blogging Platform built to Grow with Your Business. Download Movable Type Now!

AntBlog701 is proudly powered by
Movable Type.
Page URL: http://ant.sillydog.org/blog/2004/000293.php
[AntBlog701] [AntGallery701 (photos)] [AntTunes701 (music)]
[SillyDog701] [Netscape] [MozInfo701] [MacCentre701][Search] [Feedback] [About SillyDog701] [Sitemap]
Copyright © 2003 - 2015 Antony Shen. All rights reserved. Copyright Notice. Privacy Statement.
Made on a Mac
support AntBlog701