Posted to stationary engine/model engineering newsgroups, Oldengine.org and Atis (SEL)
I post this as a warning to everyone about a clever bit of skullduggery that came our way today.
Received an email, purporting to be from ebay, regarding an alleged breach of security and fraudulent use of my ebay account and user name. The email asked me to sign in and confirm my details and to fill in all the blanks on the form I would come to.
So far, a pretty ordinary scam email, but the clever bit is to come:
The url for signing in was the same as the normal ebay one, together with https:// at the front to show a secure signing in link. If you clicked on the link you would come to the standard ebay page with boxes for user name and password, and presumably further on it would ask you to confirm your credit card details etc etc:The url was in fact a graphic, not straight text, and if you held the mouse pointer over it, a different url would show up, with an IP address in the far east. So if you clicked normally you wouldn't see the different address, which was:
http://184.108.40.206/.secure/safeharbor.verify.ebay.com/login.php That IP is in the APNIC (Asia Pacific Network Information Centre) area, and I tracked it down to a School in South Korea.
It was a very clever bit of fraud, and one that me scratching my head for a while as I waiting for ebay to confirm it was a fraudulent email, which they did within 20 minutes. I didn't go to the url, I just reported it to ebay and then starting looking at how they did the switch of url's.
You have all been warned! :-))
-- Peter & Rita Forbes firstname.lastname@example.org Engine pages for preservation info: