eBay is no doubt one of the top targets for crooks. Many phishing sites are setup. Tonight I got an email for just one such site and its up and running right now. Watch the video clip as I step thru the scam website...
But first we take note of the email's header:
Return-Path: <builders@homer.intermerchant.com>
Received: from homer.intermerchant.com (64-191-10-167.hostnoc.net [64.191.10.167] (may be forged))
by bugsbunny.castlecops.com (8.13.4/8.13.4) with ESMTP id k0918OCQ009793
for <paul@computercops.biz>; Sun, 8 Jan 2006 20:08:24 -0500
Received: from builders by homer.intermerchant.com with local (Exim 4.52)
id 1EvlWd-0004la-SG
for paul@computercops.biz; Sun, 08 Jan 2006 17:08:43 -0800
Now click the Read more link to see the video clip.
Dear eBay Customer,
Today Ianuary 08, 2005 we have dected a bougus activity in your account, so we suspend your account to protect you and us in same time from any fraud that can be made using your account. After you read this email pls login in to your account with your USERNAME and PASSWORD and confirm all dates from the FORM If you don`t login after 12 hours from when you got this email or you don`t complete the form with correct info your account will be deleted !
And next time pls be more careful with your USERNAME and PASSWORD.
Your eBay Team !
The email tries to look authentic with a TRUSTe image and an "OnGuard Online" graphic. The email says the following link will get me signed in:
The 200.181.108.77 IP belongs to brasiltelecom.net.br, a Brasil Telecom company. Cutting to the chase, lets take a look at the video clip and see how this scam site operates. Its a Macromedia Flash File, just click the link below the video to expand it so you don't squint. But remember, this is a live dangerous website trying to get your identity. Don't do this!
