Cloud and Microsoft technologies enthusiast architect in Switzerland RSS 2.0
# Thursday, August 31, 2006

Couple of days ago, I received an e-mail on one of my e-mail address I use to receive spam warning me that I won an auction on e-bay. It sayd I commited to buy a tanning bed and it invited me to pay it by a connection on their web site using a button available in the e-mail.

So far, no problem. The only odd thing was that, even I have an e-bay account, I do not use that e-mail address and more strange, I never made any bid for a tanning bed.
Then, this was a clear attempt of phishing, and let's demonstrate how it works.
First, what is phishing ?
Phishing is a technic used by people to obtain personal and/or confidential information from the victims by claiming they are from a banking company or somebody you trust.
In this case, it was eBay, a well-known target for this kind of attack.
In the body of the e-mail, there was a button redirecting you to a fake e-bay web-site to sign-in and enter your user id and password.
This button opened a web page at http://www.ebay.com.item3-login.com (do not try this link, the web site is already offline) which had exactly the same look-and-feel as the original one. That URL might wake up a red light in the head of people who knows how internet works.
In fact, if we carefully look at the URL, we do not access to the eBay web site (in this case, it should be www.ebay.com), but, instead, a web site named item3-login.com. This domain name is owned by a person who has a really strange phone number, only composed of 4 and 7.
With the login form, the owner of the site can get user ids and passwords from a lot of users.
These last months, lot of e-mails coming from supposedly banking companies are received by people, requesting to verify some personal informations. Here, it must be said that banks do not communicate this kind of request by e-mail, but only by letters.

A communication from the BCV about phishing : http://www.bcv.ch/html/bcvnet/conseils-securite/securite-phishing.html

Thursday, August 31, 2006 3:49:38 PM (GMT Daylight Time, UTC+01:00)  #    Comments [0] -
English | web
All comments require the approval of the site owner before being displayed.
OpenID
Please login with either your OpenID above, or your details below.
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):

Live Comment Preview
Google Cloud Platform Certified Professional Cloud Architect
Ranked #1 as
French-speaking SharePoint
Community Influencer 2013
Navigation
Currently Reading :
I was there :
I was there :
I was exhibiting at :
I was there :
I was a speaker at :
I was a speaker at :
I was a speaker at
(January 2013 session):
I was a speaker at :
I was a speaker at :
United Nations (UN) SharePoint Event 2011
I was a speaker at :
I was there !
I was there !
I was there !
I was there !
Archive
<August 2022>
SunMonTueWedThuFriSat
31123456
78910111213
14151617181920
21222324252627
28293031123
45678910
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2022
Yves Peneveyre
Sign In
Statistics
Total Posts: 290
This Year: 0
This Month: 0
This Week: 0
Comments: 20
Themes
Pick a theme:
All Content © 2022, Yves Peneveyre
DasBlog theme 'Business' created by Christoph De Baene (delarou)