75). eBay - HTML.Phishing.Auction-156
This email targets customers of eBay.
Message Details
| Malware Name: | HTML.Phishing.Auction-156 |
| Origin: |  India |
| Date first seen: | 14/07/2006 16:51:06 |
| Number seen: | 10 |
| Date last seen: | 21/10/2006 10:50:50 |
| From: | member@eBay.com |
| Subject: | Message from eBay Member |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
14/07/2006 16:59:23 | 14/07/2006 16:59:23 |  220.194.56.83 |
http://220.194.56.83/.../signin.ebay.com/eBayISAPI.dllSignIn/co_partnerId/ | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
eBay sent this message.
Your registered name is included to show this message originated from eBay.
[1]Learn more.
[hdrLeft_13x39.gif] Question from eBay Member -- Respond Now eBay
[s.gif]
eBay sent this message on behalf of an eBay member via My Messages.
Responses sent using email will not reach the eBay member. Use the Respond
Now button below to respond to this message.
[s.gif]
[s.gif]
[s.gif]
Question from gret
[s.gif]
[s.gif] Activity with gret (last 90 days):
[s.gif] - I have bid on 0 items from gret
[s.gif]
[s.gif]
[s.gif] [2]gret( [3]2)
[s.gif] Positive Feedback: 100%
[s.gif] Member Since: Oct-30-03
[s.gif] Location: CA, United States
[s.gif] Registered On: www.ebay.com
[s.gif]
Hello,
I recently placed a bid on item#5669378843 being a wheelchair for me that i
really need do to my age(87 years old) and it seems that i can not find the
auction anymore...May i please know if you are the seller of the item above?
Regards,
Greta
Respond to this question in My Messages.
[4]Respond Now
[s.gif]
Thank you for using eBay!
[5]http://www.ebay.com/
[s.gif]
[s.gif]
Marketplace Safety Tip [6]Marketplace Safety Tip
Do not respond to the sender (through the eBay system or your email
provider) if this message is an offer to [7]buy or sell an item. This type
of offer is against eBay policy, may be fraudulent, and is not covered by
buyer protection programs.
Second Chance Offer emails with the subject of Message from eBay Member are
fake. Real [8]Second Chance Offers come directly from eBay and appear in
[9]My Messages with a blue background and subject stating, eBay Second
Chance Offer for Item...".
Never pay for your eBay item using instant cash wire transfer services
through [10]Western Union or [11]MoneyGram. These payment methods are
unsafe when paying someone you dont know.
[12]Learn more about sending payments.
[s.gif]
[s.gif]
Is this email inappropriate? Does it violate [13]eBay policy? Help protect
the community by [14]reporting it.
[s.gif]
[s.gif]
Learn how you can protect yourself from spoof (fake) emails at:
[15]http://pages.ebay.com/education/spooftutorial
[s.gif]
This eBay notice was sent to you on behalf of another eBay member through
the eBay platform and in accordance with our Privacy Policy. If you would
like to receive this email in text format, change your [16]notification
preferences.
[s.gif]
See our Privacy Policy and User Agreement if you have questions about eBay's
communication policies.
Privacy Policy: [17]http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: [18]http://pages.ebay.com/help/policies/user-agreement.html
[s.gif]
Copyright © 2006 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective
owners.
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.
eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.
References
1. http://pages.ebay.com/help/confidence/name-userid-emails.html
2. http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback&userid=gret
3. http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback&userid=gret
4. http://220.194.56.83/.../signin.ebay.com/eBayISAPI.dllSignIn/co_partnerId/=2pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=/eBayISAPI.dll2SignIn8co_partnerId.php
5. http://www.ebay.com/
6. http://pages.ebay.com/securitycenter
7. http://pages.ebay.com/help/policies/rfe-spam-non-ebay-sale.html
8. http://pages.ebay.com/help/buy/personal-offer.html
9. http://pages.ebay.com/help/myebay/my-messages.html
10. http://pages.ebay.com/securitycenter/mrkt_safety/instantcashtransfer.html
11. http://pages.ebay.com/securitycenter/mrkt_safety/instantcashtransfer.html
12. http://pages.ebay.com/help/confidence/isgw-fraud-sending-payments.html?fromFeature=My%20eBay
13. http://pages.ebay.com/help/policies/rfe-unwelcome-email-misuse.html
14. http://cgi1.ebay.com/aw-cgi/eBayISAPI.dll?ReportEmailAbuseshow&reporteruserid=credit7&reporteduserid=kcmarx341&emaildate=2006/02/25:17:53:13&emailtype=1&emailtext=Typically+my+items+do+not+have+dustbags+and+are+pictured+with+them+if+they+do.%0D%0Athanks&trackId=1962278273
15. http://pages.ebay.com/education/spooftutorial
16. http://cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow
17. http://pages.ebay.com/help/policies/privacy-policy.html
18. http://pages.ebay.com/help/policies/user-agreement.html
Additional Examples