Browse: Home / I totally love Phishing when they are obviously juvenile

I totally love Phishing when they are obviously juvenile

By on October 26, 2009

Well Ok I love it when Phishers are really being idiots, and yet
another phising attempt fails to snare its intended victim, namely me,
and namely because the phisher is being very stupid.

I do a lot of shopping online so I am fairly sensitive to the loss
of an account or someone trying to snag my account credentials. This
morning’s vain phishing attempt is from somewhere called securitys.com.
HTML has been defanged in case someone really clicks on the link.

Dear eBay customer, We recently have determined that
different computers have logged on to your account, and multiple
password failures were present before the logons. We now need you to
re-confirm your account information to us. https://www. ebay.
com/signin http://signin. ebay.com.ebayisappi.cmd.login. ebcpe.
com/ws/us/ eBayISAPI.htm?lang=en-us

We thank you for your cooperation in this manner. eBay Customer Service Departament.

Well besides the misspelling of Department and the very long
ebcpe.com domain name as the root, I would tend to think that very few
people would actually click on this unless they stopped at the sign in
eBay com and so on. The header routing information was interesting as
well.

Received: from inventis.ca ([66.46.178.225]) by mail.domainpulled.com with Microsoft SMTPSVC(6.0.3790.3959);

Sun, 25 Oct 2009 09:30:10 -0700

Received: from User ([200.57.146.45]) by inventis with MailEnable ESMTP; Sat, 24 Oct 2009 13:05:39 -0400

From: “service@securitys.com”

Subject: eBay Notification [ ref id: 8745 ]

Date: Sat, 24 Oct 2009 12:05:35 -0500

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary=”—-=_NextPart_000_0112_01C2A9A6.0EDC909E”

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Bcc:

Return-Path: service@securitys.com

Message-ID:

X-OriginalArrivalTime: 25 Oct 2009 16:30:10.0520 (UTC) FILETIME=[6BC4ED80:01CA5590]

From the object information it looks like it came from Outlook
Express (on just about any computer) and from Canada. From my viewpoint
this is probably more something that came out of someone’s compromised
computer and most of the information (other than my own domain name)
should be considered suspect.

As the holiday season gets underway, and the economy still
continues in its funk, expect to see more of these kinds of attempts at
getting your shopping credentials, and be safe out there. There are
some very clever e-mails, and some very poor ones like the one above.

(Cross-posted @ IT Toolbox)

Post Views: 11

Posted in | Tagged , , , , , ,

Dan Morrill works in Interactive Media and Cloud delivery systems for Comics Forge as the COO. He has been blogging since 2003 covering different emerging technologies, management and information security. Dan works as a founding member of a number of startups, including Startup Academy International and Dead Tree Comics. His interests are in intellectual property protection, piracy, and information security as it applies to cloud computing. He also has a deep interest in media, mobile computing, and education.. His personal blog is here,  his other pro-blog is here .