June 27th, 2007

Beware, Email Phishing from So-called-Ebay



I received an email from “eBay sender” [with email address: aw-confirm@ebay.com]. At first, it looks like an ordinary email from eBay, telling you that you have to confirm your email. It is the kind of email sent after you register for any service. But if you look closely, the link itself, actually ALL LINKS, refer to exactly the same link. It is ftp://administrator:hockey@robroy.com/eBayISAPI.html [dare to click anyway?]. Well, I definitely think this email is fraud, phishing, whatever Internet crime it is. Thank God I noticed it. After I searched the Internet, it actually was phishing.

When I tried to investigate more about Robroy.com, it turned out to be a regular, established corporation which has already celebrated its centennial. Robroy Industries manages manufacturing related to oil field products. So, is it a dirty game by their system administrator?

You may check further at the IETF Forum [free registration required] or millersmiles.

6 Responses to “Beware, Email Phishing from So-called-Ebay”

  1. oh no, dangerous….

  2. just want to share…
    As far as I can recall, I received a similar email from “eBay” quite a long time ago. But last week I got two attempts from “paypal” with the sender alias service@paypal.com.

    Because it was not my first encounter with this type of email, I checked them. It redirected to a non-paypal URL (http://www.supportnet.ns7-wistee.fr/www.paypal.com/…. ) which is now broken. Maybe somebody has reported it?

    Funny though, the email warns that “paypal never ask your password through email”, then it tries to convince us to log in to its fake website.

    Just be careful… thanks for the posting to remind us..

  3. @fau
    Thanks for informing us about this. May it be helpful for all readers ;)
    Overall, be careful with any incoming email that is suspected of being phishing, especially those related to eBay or Paypal.
    You may check the latest issues on a dedicated anti-phishing site, like millersmile.

  4. Ridiculously, I got 4 emails from “paypal” today! The aliases are paypal@, measures@, admin@, acc@paypal.com. They look like official paypal accounts, huh? And the warning is more convincing: they closed down my account because of “some unusual activity related to our servers that indicates that other parties may have access and, or control of your informations in your account.” hehehehe… a thief crying “thief”, eh?

    But gmail is smarter: it defaults all the links in those emails and puts them in the bulk folder. When I view the original headers, it shows something like this:
    Return-Path:
    Received-SPF: softfail (google.com: domain of transitioning admin@paypal.com does not designate 67.128.73.66 as permitted sender)

    I don’t know much about IT, but I guess that 67.128.73.66 is the manipulator? And it is owned by Qwest Communications Corporation and BRANFORD HALL CAREER INSTITUT (got it from ARIN). What do you think about the sender? Is a paypal person playing here? Or is it completely an outsider?

    Sorry for asking too much.. just curious about these bandits. :D thanks.

  5. @fau
    Yes, indeed. Gmail and Yahoo Mail, especially, can actually detect any phishing. All you have to do is look at the header to verify whether it was sent by the authorized party.

    I do suspect that the IP 67.128.73.66 is the original sender. And what most phishing plays on is the ability to imitate, so most likely the receiver will think that the email was really sent from the official corporate email.

    Based on what I have searched on the Internet, I don’t think it is part of an inside game by Paypal officers. This fraud is played completely by outsiders.

  6. thank you!
    btw, your blog is nice. keep up writing :)
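
The warning signs described in the post and in comments 4 and 5 (every link pointing at one ftp:// URL that carries a username and password, on a host that is not the sender's domain, plus a Received-SPF result other than pass) can be checked mechanically. The following Python is an added example, not part of the original post or comments; the sample message, the host files.example.net, the IP 192.0.2.10 and the function names are constructed for illustration, and it assumes a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample (not the original email); the Received-SPF line follows
# the format quoted in comment 4, with a documentation-range IP and host.
SAMPLE = """\
From: eBay sender <aw-confirm@ebay.com>
Received-SPF: softfail (google.com: domain of transitioning aw-confirm@ebay.com does not designate 192.0.2.10 as permitted sender)
Content-Type: text/html

<a href="ftp://user:secret@files.example.net/eBayISAPI.html">Confirm</a>
<a href="ftp://user:secret@files.example.net/eBayISAPI.html">Help</a>
<a href="ftp://user:secret@files.example.net/eBayISAPI.html">Privacy</a>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

def domain_matches(host, claimed):
    """True if host is the claimed domain or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == claimed or host.endswith("." + claimed)

def analyze(raw):
    """Return a list of phishing indicators found in one raw message."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    # The receiving server records its SPF verdict as the first token.
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    if spf != "pass":
        findings.append(f"spf:{spf}")
    links = HREF_RE.findall(msg.get_payload())
    for url in sorted(set(links)):
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            findings.append(f"scheme:{parts.scheme}")
        if parts.username or parts.password:
            findings.append("credentials-in-url")
        if not domain_matches(parts.hostname, claimed):
            findings.append(f"foreign-host:{parts.hostname}")
    if len(links) > 1 and len(set(links)) == 1:
        findings.append("all-links-identical")
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

An SPF pass only says the sending IP is authorized for the envelope domain, so the link checks still matter when the verdict is pass.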
