
[SpamCop-List] Re: Erm...um...I may have just fallen victim to a Phish

Borgholio borgholio at storymind.com
Fri Nov 11 22:10:13 EST 2005


Brian wrote:
> Borgholio wrote:
> 
>> In a nutshell, I wasn't paying attention and clicked on a link and 
>> entered my password.  I changed it about 2 minutes later when I 
>> realized something was wrong, but I need verification that the "phish" 
>> actually worked.  It seemed that the phishing link sent along with the 
>> email was half-assed.  In other words, it doesn't seem like it'd 
>> work.  Here's the link:
>>
>> http://mail.jangup.com/https://signin.ebay.com/ws/eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome&co_partnerId=2&siteid=0&pageType=&pa1=&i1=&UsingSSL=&bshowgif 
>>
>>
>> As for how I could miss the mail.jangup.com part, beats me.  As I 
>> said, wasn't paying attention.  When clicking on the link, it takes 
>> you straight to the Ebay page and NOT to a clever forgery.  The 
>> mail.jangup part is a webmail address but there are no obvious 
>> attempts to login and send mail. I'm going to keep my passwords 
>> changed, naturally, but can anybody verify that this link will indeed 
>> send away a username / password?
> 
> 
> As Glen said, yes, you were snookered. Fortunately, you realized this 
> quickly, so it's very unlikely it caused you any damage before you were 
> able to change the password.
> 
> As long as it wasn't on this page that you chose to change it ;)
> 
> What I am interested in knowing is how this came about? Would you mind 
> posting a tracker? I'd like to see so I can possibly use this as a part 
> of my lessons in Practicing Safe Hex.
> 
> Also, as an aside, maybe it would be good for you to install the 
> Netcraft toolbar so this doesn't happen again. It does a fairly decent 
> job of catching phishes. I've found a few that it hadn't seen yet, but I 
> aggressively look for them. It did catch this one, at least at this time.
> 

I've posted the full email + headers in .spam for ya.  I can dig up the 
tracking link if you need that instead.
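
Added example, not part of the original post: a small Python check for the pattern in the link quoted above, where a trusted sign-in URL appears in the path while the browser actually connects to a different host. The `TRUSTED_DOMAINS` list and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: domains the user expects to enter credentials on.
TRUSTED_DOMAINS = ("ebay.com",)

# A scheme://host sequence found after the real authority part of a URL.
EMBEDDED_URL = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

# The link quoted in the post (query string shortened).
POSTED_LINK = ("http://mail.jangup.com/https://signin.ebay.com/ws/"
               "eBayISAPI.dllSignIn.php?SignIn&MfcISAPICommand=SignInWelcome")
# Constructed sample of a link whose real host is the trusted one.
GENUINE_LINK = "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn"


def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_link(url):
    """Return (real_host, trusted_hosts_embedded_in_path, suspicious)."""
    parts = urlsplit(url)
    # The host the browser connects to: only what follows the first "//".
    real_host = (parts.hostname or "").lower()
    # Path, query and fragment are just data handed to real_host.
    tail = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
    embedded = [h.lower() for h in EMBEDDED_URL.findall(tail)]
    trusted_embedded = [
        h for h in embedded
        if any(host_matches(h, d) for d in TRUSTED_DOMAINS)
    ]
    real_is_trusted = any(host_matches(real_host, d) for d in TRUSTED_DOMAINS)
    # Flag links that display a trusted host but are served by another one.
    suspicious = bool(trusted_embedded) and not real_is_trusted
    return real_host, trusted_embedded, suspicious


if __name__ == "__main__":
    for link in (POSTED_LINK, GENUINE_LINK):
        print(check_link(link))
```
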

