
IJ Reilly

Most of these phishing schemes are pretty transparent, and hardly worth mentioning, but this one is remarkable on two counts. First, the e-mail was a dead-on and very convincing copy of an official eBay notice (supposedly from a potential buyer of an item you won). Second, clicking on the item link brings you to an eBay login page (again, very convincing), which if you examine the URL, originates from the Ukrainian Embassy in South Korea. So, either the embassy server has been hacked, or someone on the staff is running this scam.

Beware!
 
:( I think I've seen that same one, or I've seen a very similar one that is spot on. Regardless, thanks for the heads up.
 
IJ Reilly said:
URL, originates from the Ukrainian Embassy in South Korea. So, either the embassy server has been hacked, or someone on the staff is running this scam.
Beware!
For whatever reason, South Korean networks, especially their school networks, are notoriously poorly secured. This results in spammers flocking to them to use as open proxies to hide their real IPs. 99% of the mail that you get from a South Korean server is likely to be spam 'bounced' off that server like a good double bank shot in snooker.
 
CanadaRAM said:
For whatever reason, South Korean networks, especially their school networks, are notoriously poorly secured. This results in spammers flocking to them to use as open proxies to hide their real IPs. 99% of the mail that you get from a South Korean server is likely to be spam 'bounced' off that server like a good double bank shot in snooker.

Interesting. In this case, it's a complete URL, starting with the domain for the Ukrainian embassy in the ROK. Is it possible to "bounce" a URL? It starts:

http://www.ukrembrk.com/.signin.ebay.com
 
hrm - i get a 403 forbidden on that link?

I have also been caught by ones like this - just rushing once and I actually input my password in one of those pages. I realised what I'd done and promptly changed my password on eBay, no harm came to me.

eBay is full of scams...
 
cb911 said:
hrm - i get a 403 forbidden on that link?

I have also been caught by ones like this - just rushing once and I actually input my password in one of those pages. I realised what I'd done and promptly changed my password on eBay, no harm came to me.

eBay is full of scams...

It's not eBay's fault. Anyhow, yes, you get a 403 when you try the partial link, which tells me the directory exists on the server but is privileged, which is why I posted it. I deliberately did not post the entire URL.
 
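Added example, not part of the original thread: a small Python check for the pattern discussed above, where the brand's domain shows up in a link but not as the host the browser actually connects to. The trusted-domain list, the function names and every sample URL other than the partial link quoted in the thread are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the domains the brand really uses.
TRUSTED = {"ebay.com"}

def is_brand_host(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def check_link(url, trusted=TRUSTED):
    """Return (real_host, findings) for a link copied from an e-mail."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if any(is_brand_host(host, d) for d in trusted):
        return host, findings  # the connection really goes to the brand
    for d in sorted(trusted):
        # Brand domain used as a directory or file name on another server,
        # as in the partial link quoted in the thread.
        if d in (parts.path + "?" + parts.query).lower():
            findings.append("brand-in-path")
        # Brand domain used as left-hand labels of an unrelated host.
        if f".{d}." in f".{host}.":
            findings.append("brand-in-subdomain")
        # Brand domain placed in the userinfo part, before an '@'.
        if d in (parts.username or "").lower():
            findings.append("brand-in-userinfo")
    return host, findings

if __name__ == "__main__":
    samples = [
        "http://www.ukrembrk.com/.signin.ebay.com",   # partial link from the thread
        "https://signin.ebay.com/",                   # constructed: genuine host
        "http://signin.ebay.com.example.net/login",   # constructed
        "http://signin.ebay.com@example.net/",        # constructed
    ]
    for url in samples:
        host, findings = check_link(url)
        print(f"{url}\n  real host: {host}  findings: {findings or 'none'}")
```

Only the host decides where the login form is sent; anything after the first single slash is just a path on that server.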