« Too Dumb To Know When To Quit? | Main | "Hear No Evil" Policy »

May 02, 2005

Looking through the source code of a new eBay phishing message today, I noticed something I don't recall seeing before: the hidden URL that a click of the active link navigates to had my email address embedded as a parameter to the login script at the phisher's server. In other words, if I were to have clicked on the link, the phisher's server program would have been able to record by email address as being "live"—just like a Web beacon/bug. If this guy is collecting live email addresses, he could benefit by reselling my address, even if I didn't fill out his phony phorm. A live email address isn't as valuable as someone's identify info or ebay password, but to a crook, somethin's better than nothin'.

The server appears to be an otherwise unused but hijacked server at a South Korean university. Ugh! It could take awhile to shut this one down.

All the more reason, my friends, to not click on links from unsolicited or bogus email. Spam Wars shows you how to spot a fake...but you already knew that, right?