I recieved one for E-Bay a few days ago as well. Social engineering at its finest. Since E-Bay does not have any of my credit card information, and I never use the URLs sent to me in e-mail anyways, I was not too worried. On Fri, 13 Sep 2002, Crispin Cowan wrote: > Seth Arnold wrote: > > >On Fri, Sep 13, 2002 at 10:30:53AM -0700, Robert Johnston wrote: > > > > > >>I suspect some credit card information has been compromised as well. > >> > >> > >I suspect someone simply forged the email to appear as if it came from > >uBid. That takes absolutely no effort. > > > I had a similar experience 2 days ago, when I got e-mail that claimed to > be from Paypal. It said that Paypal had experienced a system failure, > and I should log in and update my personal information. It had a helpful > piece of advice that I should never give my password to anyone but > Paypal. And it provided a helpful link for me to log in. > > The catch: the TEXT for the link said it pointed to "paypal.com" but the > underlying link actually pointed to "paypalsys.com", a Trojan web site > set up to collect user-ID/password info from unsuspecting Paypal users. > > As Seth points out, absolutely no compromise of Paypal servers is > necessary to deploy this scam. All that is required is for a user to > click on a link in an e-mail without thinking about it very much. > > Crispin > >
This archive was generated by hypermail 2b30 : Fri Sep 13 2002 - 14:17:53 PDT