antisocial engineering

I got a nasty little email from someone posing as eBay today. Man, those social engineers are getting good at what they do.

It took me a good couple of minutes to ascertain the veracity slash validity of the email. Once it took a lot less time, as I would normally pick it up as a spoof through use of language (Russlish / Engrish) like:

"We are write you for email changing pssaaword"

Or they have dodgy graphics. Note in the message source: all of the gifs are being pulled OFF EBAY!! Clever rats! And they even have valid links to eBay.

Such as:

This eBay notice was sent to you based on your eBay account preferences. If you would like to review your notification preferences for other types of communications, click here. If you would like to receive this email in text only, click here.

The underlying URLs to eBay are genuine, e.g.

<a href="http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll? … "> click here </a>

But in the source, the call-to-action URL is not a good one:

To update your record please click here:
It is highly recommended that you right click on the link and select "Open in new window" option as some mail clients will not allow you to proceed! https://users.ebay.com/aw-cgi/eBayISAPI.dll

But the real URL is:

<a href="https://signin.ebay.com.restore-user.us/aw-cgi/SignIn.html

The hostname doesn't END in ebay.com (it ends in restore-user.us), so it isn't eBay!
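The same check can be done mechanically on a message's HTML source. The following is an added example, not part of the original post: it lists every link, tests whether the real target host ends in the expected domain on a label boundary, and flags link text that displays a different host than the href. The function names and the sample markup are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(host, domain):
    # Label-boundary match: "ebay.com.restore-user.us" and "notebay.com" both fail.
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html, trusted="ebay.com"):  # trusted: domain the mail claims to be from (assumption)
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = host_of(href)
        shown = re.search(r"https?://\S+", text)
        shown_host = host_of(shown.group(0)) if shown else None
        findings.append({"target": target, "trusted": belongs_to(target, trusted),
                         "text_mismatch": shown_host not in (None, target)})
    return findings

# Constructed sample modelled on the two links in the post; names here are illustrative.
SAMPLE = (
    '<a href="http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll">click here</a> '
    '<a href="https://signin.ebay.com.restore-user.us/aw-cgi/SignIn.html">'
    'https://users.ebay.com/aw-cgi/eBayISAPI.dll</a>'
)

print(audit(SAMPLE))
```

A plain `endswith("ebay.com")` would also accept a host such as `notebay.com`, which is why the match is anchored on the dot.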

So be careful, dear readers. If you are not sure, don't click. Go to the website in question -- the real one -- and send them a message online. Not via email.
