April 15, 2013 1 Comment
MX Lab, http://www.mxlab.eu, detected a phishing campaign in the form of information requests by mail from eBay. The fake email is sent from the spoofed email address “eBay <firstname.lastname@example.org>” and has subjects in the format “Question sur l’ objet #2091501444 – Répondre maintenant”.
The body of the email lay out is typical eBay style and there is an request for more information regarding the delivery of the item when bought.
The embedded URLs, in this case hxxp://ns1.sjburns.com/bash/levante.fr/curvasa.html, leads to a web site that hosts the fake eBay login screen. The form is processed by the file ebay.php.
Afterwards, the user is redirected to the real eBay login screen with a secure https connection.
The main differences are: the disclaimer is written in French, a link to the eBay app on the top right and the Norton logo is correctly shown.