SeanPAune

May 23 2005

Spoofy Spoofs

If you have an eBay or PayPal account, you have probably seen these stupid emails that tell you things such as:

Become an eBay Power Seller

You have added a new credit card home address!

Account Access Limited!

When you open them up, they look official (some more than others) and they will ask you to click on a link to verify your information for “your safety”. Let me assure you folks, clicking on those links will NOT be a good thing for you.

These types of emails are known as “phishing”. Wikipedia.org defines phishing as “In computing, phishing is the act of attempting to fraudulently acquire through deception sensitive personal information such as passwords and credit card details by masquerading in an official-looking email, IM, etc. as someone trustworthy with a real need for such information.”

Boiled down, this means these are bad people trying to get your information from you. The best idea is, if you get an email saying something is wrong with your account, go to the site on your own, NOT through a link in the email. See if there are any messages waiting for you when you log in. Again though, do NOT click on the links in the message.

Now, if you get one of these, you should forward it to the company it is spoofing. For eBay and PayPal, the forwarding addresses are spoof@ebay.com and spoof@paypal.com. When you do this, though, you need to include in the body the “headers” from the email you received. Headers look like this:

Return-Path:
Received: from rly-xg03.mx.aol.com (rly-xg03.mail.aol.com [172.20.115.200]) by air-xg01.mail.aol.com (vx) with ESMTP id MAILINXG11-45e428c07ed204; Wed, 18 May 2005 23:28:49 -0400
Received: from smtp107.mail.sc5.yahoo.com (smtp107.mail.sc5.yahoo.com [66.163.169.227]) by rly-xg03.mx.aol.com (vx) with ESMTP id MAILRELAYINXG38-45e428c07ed204; Wed, 18 May 2005 23:28:45 -0400
Received: from unknown (HELO User) (pfeffertlkjhgfd@24.110.206.119 with login)
    by smtp107.mail.sc5.yahoo.com with SMTP; 19 May 2005 03:28:38 -0000
Reply-To:
From: "PayPal"
Subject: You have added a new credit card home address!
Date: Thu, 19 May 2005 05:28:34 +0200
MIME-Version: 1.0
Content-Type: text/html;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AOL-IP: 66.163.169.227
X-AOL-SCOLL-SCORE: 1:2:411626833:13153337
X-AOL-SCOLL-URL_COUNT: 1
Message-ID: <200505182328.45e428c07ed204@rly-xg03.mx.aol.com>

I know, it looks like gibberish, but it tells the security teams a lot about where the email came from. (And btw, this came from a spoof I received, so I could care less who sees all the info!)
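
To show what a security team reads out of those headers, here is an added example (not part of the original post) that walks the Received lines from the sample above, oldest hop first, and pulls out the address that handed the message to the first mail server. The function names and the brand check are assumptions made for illustration; only the Received lines come from the post.

```python
import ipaddress
import re
from email import message_from_string

# Received lines copied from the sample headers in the post.
RAW_HEADERS = """\
Received: from rly-xg03.mx.aol.com (rly-xg03.mail.aol.com [172.20.115.200]) by air-xg01.mail.aol.com (vx) with ESMTP id MAILINXG11-45e428c07ed204; Wed, 18 May 2005 23:28:49 -0400
Received: from smtp107.mail.sc5.yahoo.com (smtp107.mail.sc5.yahoo.com [66.163.169.227]) by rly-xg03.mx.aol.com (vx) with ESMTP id MAILRELAYINXG38-45e428c07ed204; Wed, 18 May 2005 23:28:45 -0400
Received: from unknown (HELO User) (pfeffertlkjhgfd@24.110.206.119 with login)
    by smtp107.mail.sc5.yahoo.com with SMTP; 19 May 2005 03:28:38 -0000
Subject: You have added a new credit card home address!

"""


def trace_hops(raw):
    """Return the Received hops oldest-first as dicts with from/by/ip."""
    hops = []
    # Each server prepends its line, so the last Received header is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        sender, _, receiver = flat.partition(" by ")
        host = re.search(r"from\s+(\S+)", sender)
        ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", sender)
        hops.append({
            "from": host.group(1) if host else None,
            "by": receiver.split()[0] if receiver else None,
            "ip": ip.group(0) if ip else None,
        })
    return hops


def summarize(raw, brand):
    """Summarize where the mail entered the relay chain (brand is a hypothetical input)."""
    hops = trace_hops(raw)
    if not hops:
        return None
    first = hops[0]
    return {
        "origin_ip": first["ip"],
        "first_relay": first["by"],
        # Heuristic only: legitimate senders sometimes use third-party mailers.
        "relay_matches_brand": brand.lower() in (first["by"] or "").lower(),
        "internal_hops": [h["ip"] for h in hops
                          if h["ip"] and ipaddress.ip_address(h["ip"]).is_private],
    }


if __name__ == "__main__":
    print(summarize(RAW_HEADERS, "PayPal"))
```

Received lines are only as trustworthy as the server that wrote them; anything below the first server you trust can be made up by the sender.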

Also keep in mind, spoofs can come in many forms. I even get them about my bank account… at banks I have never dealt with.

So, long story short, never click on a link in any email unless it is from a very trusted friend, and even then, make sure they really sent it.
