[vox-tech] one of the most pernicious spams i've ever seen.

Rob Rogers vox-tech@lists.lugod.org
Thu, 25 Sep 2003 11:02:45 -0400


On Thu, Sep 25, 2003 at 07:36:13AM -0700, Mitch Patenaude wrote:
> I've seen a lot of these (my email address is 7 years old.. and has 
> been published a lot.  I get a lot of spam).
> 
> Bruce Schneier called these "URL semantic attacks", but now that I've 
> heard it, I like phishing better.  I've seen a couple of really devious 
> variations.  Both of these require HTML email. (I know.. it's evil, but 
> common.)  Both had an apparently perfectly valid-looking ebay or paypal 
> URL, but when clicked on went to www.eboy.net and www.paypa1.com 
> (that's a 1 in the second URL, not an "L").
> 
> The ways they achieved the perfect-looking URL were:
> 
> 1) The entire message (supposedly) from ebay was actually an 
> image/link, not just the blue underlined text. (but I didn't know this 
> until I followed it.. I knew it was a scam, but I wanted to see how it 
> worked.)
> 
> 2) The "URL" was actually inside another <a href=...> </a> tag.  The 
> scammers had just escaped the brackets.
> 
> I'm thoroughly convinced that most people don't have the technical 
> savvy to try to detect URL fraud, and so must be trained to do so 
> contextually rather than technically (Why would my bank send me an 
> email asking for my PIN, especially since I didn't give them this email 
> address.)  I figure that most geeks aren't going to fall for this, but 
> I imagine that a lot of identity theft occurs this way.

I think people need to learn to be wary of giving out ANY personal info
online no matter what the circumstances. The most common cases of
phishing do seem to go after ebay/paypal, and the larger ISPs (mainly AOL
and MSN). One recent one posing as an MSN page came as an email saying
your credit card charge didn't go through, and your MSN account would be
canceled if you didn't update your info. On the page it asked for:

Name
CC#
CCV (that 3 digit number at the end of the signature panel)
Pin #
Mother's maiden name.
MSN Acct name
MSN password
Social security #

I don't see how you could not be suspicious at giving away that much
info, but there were a couple dozen people taken in by it.
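
Added example, not part of the original thread or either poster's code: a mail-filter style check for the two HTML tricks described in the quoted message, a link whose visible text names a different host than its href (including the escaped-bracket variant) and a link that wraps nothing but an image. The class and function names and the sample HTML are constructed for illustration; only the two lookalike hostnames come from the message.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname, with or without a scheme in front.
URLISH = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}", re.I)

def host(url):
    h = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

class LinkAudit(HTMLParser):  # hypothetical helper name
    def __init__(self):
        super().__init__(convert_charrefs=True)  # &lt;a href..&gt; becomes visible text
        self.findings, self._href, self._text, self._imgs = [], None, [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text, self._imgs = dict(attrs).get("href") or "", [], 0
        elif tag == "img" and self._href is not None:
            self._imgs += 1

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        shown = URLISH.search(text)
        if shown and host(shown.group(0)) != host(self._href):
            # The reader sees one host, the click goes to another.
            self.findings.append(("text-href-mismatch", host(shown.group(0)), host(self._href)))
        elif self._imgs and not text:
            # Nothing but an image inside the link: the "URL" may be a picture.
            self.findings.append(("image-only-link", "", host(self._href)))
        self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample body modelled on the two variations, plus one honest link.
SAMPLE = """
<a href="http://www.eboy.net/update"><img src="cid:notice.png" alt=""></a>
<a href="http://www.paypa1.com/">&lt;a href="https://www.paypal.com/"&gt;https://www.paypal.com/&lt;/a&gt;</a>
<a href="https://www.ebay.com/help">www.ebay.com</a>
"""
```

An image-only link is a heuristic signal rather than proof, since legitimate mail also wraps logos in links; the text/href mismatch is the stronger of the two.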