eBay phishing e-mail

Big congrats to n@ on her 21st birthday - rockit!

I received an e-mail scam yesterday, the hoaxer pretending to be associated with online bidding giant eBay. Their e-mail claimed that during their supposed regular account updates, they couldn't verify my information. As a result, access to my supposed eBay account has been suspended until I update my information via the link contained within the e-mail.

The link is cleverly disguised using this technique:

Anything before the ampersand in a URL adds nothing to the address. Consider the site "http://www.microsoft.com@www.yahoo.com". When first read it looks like it goes to Microsoft's website, when it will actually go to Yahoo instead.

So although in the context of the e-mail it reads as "https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation", it actually links as "http://scgi.ebay.com@211.217.224.102:4901" and resolves as "http://211.217.224.102".

I doubt anyone would be stupid enough to fall for this scam, but admittingly it's cleverly disguised and were I an eBay customer, it might have been more convincing.

For more info on "phishing", a high-tech scam that uses spam to deceive consumers into disclosing their sensitive information, see eBay's Protect yourself from fraudulent (spoof) emails page, and tips to detect email scams.

There's this image of spam bots in my head. Like those big immortal tadpole-like machine things in the Matrix. In a single minute they simultaneously scour the web harvesting thousands of e-mail addresses, compose penis-enlarging cream taglines by the dozen and give network admins the globe over a migraine the size of Hurricane Isabel. It's been said before and is becoming increasingly believable - spam is ultimately killing e-mail as a viable communication medium.

Sarah and her crew show us how multi-user blogging is done... nice one guys. Maybe meskanky can follow suit..? I've wanted to develop a similar tool myself, but like many projects I conceptualise, ended up not even starting it. I plan to rename my evangelism page to 'projects' on which I hope to share my ideas.