
Phishers hack eBay

Old 03 August 2005, 05:16 PM
  #1  
Nicks VR4

http://security.itworld.com/4337/050...ck/page_1.html

Phishers hack eBay
Techworld.com 8/2/05


A flaw has been discovered on eBay’s website that would have allowed fraudsters to successfully redirect the sign-on process to a phishing site.
Reported by British antiphishing outfit Netcraft, the clever scam apparently started with fraudsters sending e-mails asking eBay users to update their accounts. So far so normal, as such fake eBay e-mails are currently one of the phishing world’s persistent lines of attack.

Disarmingly, however, the link provided was genuine and led to the correct eBay sign-in page, signin.ebay.com. If users clicked on this, parameters embedded in the otherwise normal stream of characters at the end of the link actually redirected users away from the page after the sign-in page to a fake phishing page, via an open relay hosted at servlet.ebay.com.

The end result would have been that users gave away information allowing phishers to hijack their accounts, either as a way of laundering money or for launching fake auctions.

According to Netcraft’s Paul Mutton, the company first learned of the attack from users of its antiphishing toolbar -- which stops the attack -- and reported the flaw to eBay last week.

This is not the first time such an attack has been attempted on eBay users. In March, phishers launched an almost identical redirect-style attack, which spoofed the sign-on page itself. Mutton said he considered the latest attack more subtle as it manipulated the real sign-on page, and would therefore be harder for users to detect.

"I believe this new exploit is more serious because it is more convincing," Mutton said. "It is something they can prevent by enforcing stricter coding conventions." At the time of going to press, eBay was unavailable for comment.

The moral is not to click on links in e-mails just because they look genuine, a fairly disturbing conclusion as this is one of the main criteria people use. Netcraft’s toolbar, a web browser plug-in for Microsoft’s Internet Explorer and Mozilla’s Firefox, is designed to protect against phishing websites, not least by analyzing the sort of characters used in this attack.
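
The redirect chain the article describes (a genuine sign-in link whose parameters forward the user through a same-site relay to an outside page) is the case a post-login return-URL check has to catch. This is an added example, not code from the article or from eBay: the hostnames, function names and the rule of scanning query values for nested URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed hosts for illustration; none are taken from the article.
ALLOWED_HOSTS = {"signin.shop.example", "my.shop.example", "relay.shop.example"}
DEFAULT_URL = "https://my.shop.example/home"


def _looks_like_url(value):
    """True if a parameter value could send a browser to another origin."""
    v = value.strip().lower()
    return v.startswith(("http:", "https:", "//", "\\", "/\\"))


def is_safe_target(url, depth=0):
    """Accept only https URLs on allowlisted hosts whose own query
    parameters do not carry a further off-site URL (chained redirect)."""
    # Backslashes and control characters are parsed differently by browsers.
    if depth > 3 or url != url.strip() or any(c in url for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    # Rejects http:, protocol-relative "//host" and "user@host" tricks.
    if parts.scheme != "https" or parts.username is not None:
        return False
    if host not in ALLOWED_HOSTS:
        return False
    # A same-site relay is only as safe as the URL it forwards to.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if _looks_like_url(value) and not is_safe_target(value, depth + 1):
            return False
    return True


def post_login_redirect(return_url):
    """Return the URL to send the user to after sign-in, or the default."""
    if return_url and is_safe_target(return_url):
        return return_url
    return DEFAULT_URL
```

A host allowlist alone would pass the relay link, since the relay sits on an allowed host; the nested-parameter check is what rejects it.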
Old 03 August 2005, 05:25 PM
  #2  
Apparition

Had this a while back, if you take a moment and look carefully, it is an obvious con, but I feel for those who haven't spotted it. These phishers are too darned clever.
Yve