iOffer phishing email
January 19, 2009
The iOffer web site, a place to sell, buy and trade, is the target of a phishing email. MX Lab received some samples with the subject "You've received a question about your ioffer item Brand New Nikon D80 Package, 2 Lens,4GB and more.." and the sender's address "noreply@ioffer.com" <noreply@ioffer.com>, containing the following content:
Dear member,
You have a question from maildirect1 regarding the item Brand New Nikon D80 Package, 2 Lens,4GB and more….!
Click below to see the question and respond:
View the dispute thread to respond hxxp://222.124.199.98/icons/small/login?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=
********THIS IS AN AUTOMATED EMAIL – PLEASE DO NOT REPLY**
The use of an IP address in a URL is always suspicious and should alert you to possible abuse. When visiting the site we found a nicely branded iOffer login page, as we expected, where you are asked for your login and password.

Normally, our Firefox warns us when we enter a phishing site, but this time we have no warnings. When filling in a login and password (not recommended) I notice that the words Username and Password turn green and next to the form fields the words Required_fail appear. Afterwards you are directed to the genuine iOffer login page.
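The IP-address-in-URL check described above can be automated in a mail filter. The following is an added example, not MX Lab's code: the function names are hypothetical, and the second and third links in the sample body are constructed for illustration.

```python
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Matches normal and defanged (hxxp) links, as written in this post.
URL_RE = re.compile(r"\b(?:https?|hxxps?)://[^\s<>\"']+", re.IGNORECASE)

def host_is_ip(host):
    """True if the host is an IPv4 or IPv6 literal rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_links(from_header, body):
    """Return (host, reasons) for every link found in the message body."""
    sender_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    findings = []
    for raw in URL_RE.findall(body):
        # Drop trailing sentence punctuation and undo the defanging.
        url = re.sub(r"^hxxp", "http", raw.rstrip(".,);"), flags=re.IGNORECASE)
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:          # malformed host, e.g. unbalanced brackets
            findings.append((raw, ["unparseable-url"]))
            continue
        reasons = []
        if host_is_ip(host):
            reasons.append("ip-literal-host")
        elif host != sender_domain and not host.endswith("." + sender_domain):
            reasons.append("host-not-sender-domain")
        findings.append((host, reasons))
    return findings

# Sender and first link are from the message quoted in this post;
# the other two links are constructed to show the remaining outcomes.
SAMPLE_FROM = '"noreply@ioffer.com" <noreply@ioffer.com>'
SAMPLE_BODY = (
    "View the dispute thread to respond "
    "hxxp://222.124.199.98/icons/small/login?SignIn&co_partnerId=2&pageType=\n"
    "Help: http://www.ioffer.com/help.\n"
    "Sign in: http://ioffer.example.net/login\n"
)

if __name__ == "__main__":
    for host, reasons in check_links(SAMPLE_FROM, SAMPLE_BODY):
        print(host, reasons or ["ok"])
```

A link whose host matches the claimed sender domain only shows the two agree; the From header itself can be forged, so an empty reason list is not proof the message is genuine.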
