[LINK] eBay Security Advice
Kim Holburn
kim at holburn.net
Thu Sep 27 17:08:51 AEST 2007

Just today I got an interesting eBay phish.

Looking carefully in the received headers (surely there is some way
this could be made easy for unsophisticated users) I found it was
from a domain called emailebay.com.

The links to click look like this:

> Your registered name is included to show this message originated
> from eBay. Learn more.
> => http://rover.ebay.com/rover/2/0/8?loc=http://click3.ebay.com/576136089.70853.0.65847

The page is real but my noscript says there are scripts from a site
called: ebatstatic.com.

It looks so legit. Have eBay servers been compromised? I can't see
how they could add anything that wasn't from eBay, yet clearly they
did somehow.

On 2007/Sep/27, at 4:10 AM, Roger Clarke wrote:
> This eBay 'Protect Yourself' page was drawn to my attention:
> http://pages.ebay.com.au/protectyourself/
> (Are eBay users really all either children or child-like??)
> (And is now a good time to portray Julia Gillard as a witch?)
>
> It points to a page with some substance to it, and some deeper-
> nested pages with some more material that appears reasonable:
> http://pages.ebay.com.au/securitycentre/fraudulent-emails-003.html
> and less directly to:
> http://pages.ebay.com.au/securitycentre/
>
> But the one thing I thought might have been useful offers very
> little, and no links at all:
>> Update your anti-virus software
>> Every time you open an email attachment or download a file from
>> the internet, you are risking exposure to potentially harmful
>> viruses and online hackers. Computers that have no anti-virus
>> software are unprotected and vulnerable. To prevent this from
>> happening regularly update your anti-virus software.
>
>
> --
> Roger Clarke                 http://www.anu.edu.au/people/Roger.Clarke/
> Xamax Consultancy Pty Ltd    78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 1472, and 6288 6916
> mailto:Roger.Clarke at xamax.com.au    http://www.xamax.com.au/
>
> Visiting Professor in Info Science & Eng    Australian National University
> Visiting Professor in the eCommerce Program    University of Hong Kong
> Visiting Professor in the Cyberspace Law & Policy Centre    Uni of NSW
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
Democracy imposed from without is the severest form of tyranny.
-- Lloyd Biggle, Jr. Analog, Apr 1961