November 17, 2004Phisher, Buy a Calendar!
An eBay phishing message arrived today (check the posting date) that might have a hard time convincing recipients of its urgency. It said in part:
We recently have determined that different computers have logged onto your eBay account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by August 30, 2004, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes.
The due date was in bold, just like I posted it here. Darn it! Too bad I've been suspended since August, yet used my account regularly since then.
Among the "secrets" in the source code view of this message was that the link, while displaying a genuine ebay link, actually led to a Web site identified only by a numeric IP address. Buzz off, phisher!
UPDATE: The same formatted eBay phish has arrived a few more times, sometimes with a November date, other times with an August date. The destination IP addresses are all over the place: China, India, and Guatemala. I get the feeling that this message form is part of a "kit" that someone is selling to wannabe phishers, some of whom are too stupid to change the default "deadline dates" to something more realistic.Posted on November 17, 2004 at 09:04 PM