Hybrid Spoof Sites – AOL and eBay

Most phishing sites replicate the login pages from financial institutions or ecommerce sites… not much creativity there. But we are starting to see more hybrid and creative spoof sites. Here’s a combination eBay/AOL spoof that showed up in my inbox the other day…

[Image: Aolebay]

The email told me that a bid I’d made on eBay was being cancelled and that I needed to log in again to re-enable my bid.

The spoof site asks for my "AOL Email Password" and some other information, but none of it is especially dangerous. I don’t have an AOL account. Even if I gave them my password, zip code, and birth date, they still wouldn’t have my name, AOL screen name, or anything else of real value. I sent some bogus data to the phisher and was redirected to an actual eBay auction – no two-step phishing site here. Why wouldn’t the phishers ask for more valuable information? Could this be a phishing experiment? Perhaps the next iteration of this attack will be sent only to AOL users and the AOL screen name will be embedded in the URL (or form) so the phisher can connect that to the password.


One thought on “Hybrid Spoof Sites – AOL and eBay”

  1. Notification of Limited Account Access – Security Measures ?

    Can anyone explain e-mails with the subject of:

    “Notification of Limited Account Access – Security Measures ”

    Appearing to be from eBay.

    and links going to:

    http://www.paypal.com.wscm.tk/us/webscr/Loginx.php

    http://www.paypal.com.cgi-bin.wsst.tk/us/webscr/Loginx.php

    Is this what this blog is talking about, i.e. spoofing and phishing?

    Background info:
    Name: http://www.paypal.com.wscm.tk
    Address: 216.81.70.151

    OrgName: Vortech Inc.
    OrgID: VTC1
    Address: 106 S. Semoran Blvd.
    City: Orlando
    StateProv: FL
    PostalCode: 32807
    Country: US

    NetRange: 216.81.64.0 – 216.81.79.255
    CIDR: 216.81.64.0/20
    NetName: VORTECH-BLK-2
    NetHandle: NET-216-81-64-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Allocation
    NameServer: DNS.ANONYMOUS-SERVERS.COM
    NameServer: DNS2.ANONYMOUS-SERVERS.COM
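
The two links quoted in the comment above place `www.paypal.com` in the leftmost labels of the hostname, while the domain that was actually registered sits under `.tk`. The following check for that pattern is an added example, not part of the original post or comment; the brand watch list, the constructed legitimate URL, and the last-two-labels shortcut for the registrable domain are assumptions.

```python
from urllib.parse import urlsplit

# Assumed watch list: brand label -> registrable domain the brand really uses.
BRANDS = {"paypal": "paypal.com", "ebay": "ebay.com", "aol": "aol.com"}


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.

    Assumption: adequate for single-label suffixes such as .com and .tk;
    production code should consult the Public Suffix List instead.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url):
    """Return (host, registrable_domain, brands named outside their own domain)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)
    labels = host.split(".")
    hits = []
    for brand, legit in BRANDS.items():
        # A brand label is only suspicious when the host is NOT on the
        # brand's own registrable domain.
        if brand in labels and reg != legit:
            hits.append(brand)
    return host, reg, sorted(hits)


SAMPLES = [
    # The two links quoted in the comment.
    "http://www.paypal.com.wscm.tk/us/webscr/Loginx.php",
    "http://www.paypal.com.cgi-bin.wsst.tk/us/webscr/Loginx.php",
    # Constructed legitimate URL for comparison.
    "https://www.paypal.com/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host, reg, hits = check_url(url)
        verdict = "SUSPICIOUS" if hits else "ok"
        print(f"{verdict:10} registered={reg:12} brands={hits} host={host}")
```

The hostname is read right to left: whoever controls `wscm.tk` or `wsst.tk` can create any labels to the left of it, so the `www.paypal.com` prefix says nothing about who operates the site.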
