Today I received this suspicious email, purportedly from eBay: ------------------------------------------ Dear eBay customer, During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information. This might be due to either of the following reasons: 1. A recent change in your personal information ( i.e..change of address). 2. Submiting invalid information during the initial sign up process. 3. An inability to accurately verify your selected option of payment due to an internal error within our processors. Please update and verify your information by clicking the link below: https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo If your account information is not updated within 48 hours then your ability to sell or bid on eBay will become restricted. Thank you The eBay Billing Deptartment . Copyright © 1995-2004 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy. ------------------------------------------ In my email (I don't think it will work on ClutchBBS), clicking the link listed takes you to a DIFFERENT site (not eBay, and not secured): http://66.221.6.185/update/ I submitted some fake information, and it didn't give me an invalid account, or a thank you, or an account updated page. I tried to look up the hostname/owner information, but it's not in the databases, so I can't complain to anyone to have it shut down. I don't know how to read headers very well either. Anyone with skillz, know how to find out who's hosting this site?
Search results for: 66.221.6.185 OrgName: C I Host OrgID: CIHS Address: 1851 Central Drive Address: #110 City: Bedford StateProv: TX PostalCode: 76112 Country: US NetRange: 66.221.0.0 - 66.221.255.255 CIDR: 66.221.0.0/16 NetName: CIHOST7 NetHandle: NET-66-221-0-0-1 Parent: NET-66-0-0-0-0 NetType: Direct Allocation NameServer: NS.CIHOST.COM NameServer: NS2.CIHOST.COM Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2002-01-17 Updated: 2002-06-17 TechHandle: NC61-ARIN TechName: Network Operations Center TechPhone: +1-888-868-9931 TechEmail: noc@cihost.com OrgTechHandle: NC61-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-888-868-9931 OrgTechEmail: noc@cihost.com # ARIN WHOIS database, last updated 2004-08-08 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. I searched it from this site http://www.webyield.net/domainquery.html#whois in "ARIN Whois" section.
http://pages.ebay.com/securitycenter/ Go to that site and report the scam email. It is pretty easy to follow. They ask you to forward the email to them at spoof@ebay.com.
Just beware submitting even fake info. I've done a view source on some of these spoof sites and they retrieve widely used AOL cookie info - of course if you don't use AOL, this won't bother you. eBay, Paypal and your bank will never ask you to go to a site to enter information in that they should already have. These and the 38 million dollar emails amaze me that they get any responses.
It's interesting that "Phishing" is approaching the level of any single spam. The nice thing is, these attacks are much more likely to lead to earthly retribution, since they are no longer just on individual users, but big corporations with high dollar lawyers...
<a href="http://survey.mailfrontier.com/survey/quiztest.html">This is a neat little Phishing IQ test</a> I came across the other day. Worth a try to see how good you are at picking them up, and how good the scammers are at making their emails believable. I got 10/10
Damn, I thought that I was pretty good at not getting caught - I only got 80%. Lesson learned. Thanks for the link.
