
I get phishing emails with comforting regularity. For those unfamiliar with the term, "phishing" is the act of luring an unsuspecting victim into entering personal or credit card details somewhere they shouldn't, by disguising the request as coming from a trustworthy brand's site (often a bank).
There are two ways to spot phishing emails:
1. The English in the mail is generally full of mistakes. Real emails from trusted brands should not have typos in them.
2. The URLs they want you to click on don't go to the site they'd like you to think they do. They often look very similar, but never quite right.
However, this latest email I got (see picture) is different and tries something I had not come across before. It uses eBay's redirection script. So the beginning of the URL looks right and is right - it does go to eBay, but it calls eBay's redirection script, which then takes you on to the phisher's site (which had already been taken down by the time I had a look).
This was the URL the link goes to:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F...
Security Warning
A lot of sites have redirection scripts (often to count outgoing clicks), and a lot of these are potentially prone to this sort of abuse. This doesn't actually let anyone into a site, but it takes abusing a brand name one step further: the link really does point at the trusted domain, so the usual "look at the URL" check passes.
To all web developers out there I would therefore suggest you review your redirection scripts, and if they accept a plain URL-encoded destination, switch to signed or encrypted parameters, so that only your own site (knowing the right secret) can produce links that the script will forward.
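The two sides of the above, as an added example that is not part of the original post: a small check that flags a link whose query string carries a second, absolute URL (the shape of the eBay link quoted above, with a constructed placeholder destination since the real one was taken down), and a redirect parameter protected by an HMAC tag, which is what I take "encrypted parameters with a salt" to mean in practice. The helper names (`embedded_destinations`, `sign_redirect`, `verify_redirect`) and the secret are assumptions of this example, not anything from eBay's script.

```python
"""Added example (not from the original post): spotting a redirect-style
link whose query carries an absolute URL, and a signed-redirect scheme so
that only the site holding the secret can mint links the script will follow."""
import hmac
import hashlib
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed sample in the shape of the link quoted in the post; the
# DomainUrl value is a placeholder, not the real phishing destination.
SAMPLE_LINK = (
    "http://cgi4.ebay.com/ws/eBayISAPI.dll"
    "?MfcISAPICommand=RedirectToDomain"
    "&DomainUrl=http%3A%2F%2Fexample.invalid%2Flogin"
)


def embedded_destinations(url):
    """Return (param_name, host) for every query parameter whose value is an
    absolute http(s) URL. Anything returned is where the click really ends up,
    regardless of the host shown at the start of the link."""
    parts = urlsplit(url)
    found = []
    for name, values in parse_qs(parts.query).items():
        for value in values:
            target = urlsplit(value)
            if target.scheme in ("http", "https") and target.netloc:
                found.append((name, target.netloc.lower()))
    return found


def is_offsite_redirect(url):
    """True if the link's visible host differs from any embedded destination."""
    visible = urlsplit(url).netloc.lower()
    return any(host != visible for _, host in embedded_destinations(url))


# --- server side: signed redirect parameters (hypothetical helper names) ---

def sign_redirect(secret, destination):
    """Build the query string for a redirect link. The destination is paired
    with an HMAC-SHA256 tag that only the holder of `secret` can compute."""
    tag = hmac.new(secret, destination.encode(), hashlib.sha256).hexdigest()
    return urlencode({"to": destination, "sig": tag})


def verify_redirect(secret, query):
    """Return the destination if its tag verifies, else None. A destination
    without a valid tag (the open-redirect case) is refused."""
    params = parse_qs(query)
    try:
        destination = params["to"][0]
        sig = params["sig"][0]
    except (KeyError, IndexError):
        return None
    expected = hmac.new(secret, destination.encode(), hashlib.sha256).hexdigest()
    # constant-time comparison so the tag can't be guessed byte by byte
    if not hmac.compare_digest(expected, sig):
        return None
    return destination


if __name__ == "__main__":
    print(embedded_destinations(SAMPLE_LINK))      # [('DomainUrl', 'example.invalid')]
    secret = b"constructed-secret-for-this-example"
    good = sign_redirect(secret, "https://partner.example/landing")
    print(verify_redirect(secret, good))           # https://partner.example/landing
    print(verify_redirect(secret, "to=http://example.invalid/login"))  # None
```

The first half is what a mail filter or a cautious reader can do: the visible host is `cgi4.ebay.com`, but the query carries `example.invalid`, so the link is an off-site redirect. The second half is the fix the post asks for: a redirect script that only honours destinations carrying a tag computed with the site's own secret will still count clicks for the site's own links, but a third party cannot point it anywhere new.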
Tags: email, phishing, scam.