Well Ok I love it when Phishers are really being idiots, and yet
another phising attempt fails to snare its intended victim, namely me,
and namely because the phisher is being very stupid.
I do a lot of shopping online so I am fairly sensitive to the loss
of an account or someone trying to snag my account credentials. This
morning’s vain phishing attempt is from somewhere called securitys.com.
HTML has been defanged in case someone really clicks on the link.
Dear eBay customer, We recently have determined that
different computers have logged on to your account, and multiple
password failures were present before the logons. We now need you to
re-confirm your account information to us. https://www. ebay.
com/signin http://signin. ebay.com.ebayisappi.cmd.login. ebcpe.
com/ws/us/ eBayISAPI.htm?lang=en-usWe thank you for your cooperation in this manner. eBay Customer Service Departament.
Well besides the misspelling of Department and the very long
ebcpe.com domain name as the root, I would tend to think that very few
people would actually click on this unless they stopped at the sign in
eBay com and so on. The header routing information was interesting as
well.
Sun, 25 Oct 2009 09:30:10 -0700
Received: from User ([200.57.146.45]) by inventis with MailEnable ESMTP; Sat, 24 Oct 2009 13:05:39 -0400
From: “service@securitys.com”
Subject: eBay Notification [ ref id: 8745 ]
Date: Sat, 24 Oct 2009 12:05:35 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_NextPart_000_0112_01C2A9A6.0EDC909E”
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: service@securitys.com
Message-ID:
X-OriginalArrivalTime: 25 Oct 2009 16:30:10.0520 (UTC) FILETIME=[6BC4ED80:01CA5590]
From the object information it looks like it came from Outlook
Express (on just about any computer) and from Canada. From my viewpoint
this is probably more something that came out of someone’s compromised
computer and most of the information (other than my own domain name)
should be considered suspect.
As the holiday season gets underway, and the economy still
continues in its funk, expect to see more of these kinds of attempts at
getting your shopping credentials, and be safe out there. There are
some very clever e-mails, and some very poor ones like the one above.
(Cross-posted @ IT Toolbox)