The Continuing Marvels Of Phishing

I continue to marvel at phishing attacks, and how they tweak themselves just enough to make you wonder hard about whether you can afford to ignore them.

Take this one for example. Simple text email, no fancy graphics. But the URL looks real enough, the text makes you wonder whether someone has tried to access your eBay account — causing you to think you should follow the link, just in case.

Dear eBay member,

Thank you for submitting your change of e-mail address request.
Instructions on completing the change have been sent to your new email address.
Once the process is completed, your eBay-related email will no longer be routed to
this email address.

Change of E-mail address request was made from:
IP Address: 201.188.117.10
ISP Host: cache-dtc-ae11.proxy.msn.com

If you or anyone with authorized access to your account did not make this change,
please go to review your sign ininformations:

          http://billing.request-ebay.com

***Do Not Reply To This E-Mail As You Will Not Receive A Response***

Thank you for using eBay!

eBay Account Management

Having SpoofStick and other similar anti-phishing tools won’t really help you here, because they’ll just show you’re visiting request-ebay.com, which could be real enough. Even checking the WHOIS information isn’t that helpful, since the information there is no more or less suspicious than registry information of other legitimate sites. Even the website itself, request-ebay.com, looks normal enough.

The only real clue is in the language, which doesn’t make a lot of sense (why would the change of email address be sent to your new email address for verification?) errors (‘sign ininformations’; no proper addressee ‘Dear eBay Member’; the email address being one I know is now in the hands of ‘Nigerian’ scammers), and in the fact that if you should actually visit the link, you’ll be asked, without further ado, to enter your credit card information.

What I’d like to know is: Why do registrars still allow these kind of domains to be registered, why is the site still active, and why don’t eBay do a better job of policing these kind of sites? Surely it’s not too hard to monitor these eBay-linked domain name registrations?

20. July 2004 by jeremy
Categories: Scams, Security | Tags: , , , , , , , , | Comments Off on The Continuing Marvels Of Phishing