You can sit around pointing fingers at someone else when you get phished, or you can do your homework and quit worrying about getting scammed. I would have posted the following “phishing lure” in the Spamples database, but I was too lazy to modify the code so I could get the GIF attachment stuffed in. Make sure you view this on a decent-sized monitor, as the GIF is pretty large and was subject to scaling problems. Here you go:
What it looks like (a GIF attachment in the email)…
And the source (identifying information for the recipient, along with some “<>” tags altered of course)…
Return-Path:
Received: from XXX.com (root@localhost)
by XXX.com (8.12.10/8.12.10) with ESMTP id jBK648SB004302
for
NOTE: THE REAL SENDER HERE
X-ClientAddr: 83.199.116.66
Received: from APuteaux-154-1-45-66.w83-199.abo.wanadoo.fr (APuteaux-154-1-45-66.w83-199.abo.wanadoo.fr [83.199.116.66])
by XXX.com (8.12.10/8.12.10) with SMTP id jBK63vbf004285
for
Message-Id: <200512200604.jBK63vbf004285@XXX.com>
FCC: mailbox://identdep_op8979355@ebay.com/Sent
X-Identity-Key: id1
Date: Tue, 20 Dec 2005 00:56:56 -0500
From: eBay
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: XXX@XXX.com
Subject: EBAY INC ALERT – UNAUTHORIZED LOGIN ATTEMPTS
Content-Type: multipart/related;
boundary="------------000006030501050905030001"
X-XXX.com-MailScanner-Information: Please contact the ISP for more information
X-XXX.com-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-MailScanner-From: identdep_op8979355@ebay.com
Status:
This is a multi-part message in MIME format.
--------------000006030501050905030001
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
“<"html>
“<"A HREF="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerId=2&siteid=0"> “<"map name="dpyzhl">“<"area coords="0, 0, 646, 569" shape="rect" NOTE: THE URL REDIRECT HERE “<"href="http://ebtptay.ms2u.net/rock/e/"> “<"img SRC="cid:part1.02010502.08000800@support_ref_112108111@ebay.com" border="0" usemap="#dpyzhl">
NOTE: THE SPAM FILTER FOOLING GIBBERISH HERE“<"font color="#FFFFF9">in 1961 Robert Blake XFL good days to leave a message “<"/font>
“<"/html>
--------------000006030501050905030001
Content-Type: image/gif;
name="maintain.GIF"
Content-Transfer-Encoding: base64
Content-ID:
filename="maintain.GIF"
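The three things the NOTE lines point out (the real relay in the Received header, the image-map redirect, and the near-white filler text) can be checked mechanically. The following is an added example, not part of the original post: it runs on a trimmed copy of the sample with the altered "<" restored, reads the claimed sender from X-MailScanner-From, handles a single text/html part only, and its function names and the 0xF0 colour threshold are assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed input: the sample above, trimmed, with the altered "<" restored.
SAMPLE = """\
Received: from APuteaux-154-1-45-66.w83-199.abo.wanadoo.fr ([83.199.116.66])
\tby XXX.com (8.12.10/8.12.10) with SMTP id jBK63vbf004285
X-MailScanner-From: identdep_op8979355@ebay.com
Content-Type: text/html; charset=us-ascii

<html><A HREF="https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify">
<map name="dpyzhl"><area shape="rect" href="http://ebtptay.ms2u.net/rock/e/"></map>
<img SRC="cid:part1" usemap="#dpyzhl"></A>
<font color="#FFFFF9">in 1961 Robert Blake XFL good days</font></html>
"""

def near_white(color):  # assumption: all RGB channels >= 0xF0 counts as invisible
    m = re.fullmatch(r"#?([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})", color, re.I)
    return bool(m) and all(int(g, 16) >= 0xF0 for g in m.groups())

class LureParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.anchors, self.areas, self.faint = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        host = urlparse(a.get("href") or "").hostname
        if tag in ("a", "area") and host:
            (self.anchors if tag == "a" else self.areas).append(host)
        elif tag == "font" and near_white(a.get("color") or ""):
            self.faint.append(a["color"])

def analyze(raw):
    msg = message_from_string(raw)
    findings = []
    claimed = msg.get("X-MailScanner-From", "").rpartition("@")[2].lower()
    hop = (msg.get_all("Received") or [""])[-1].split()  # "from HOST ..."
    relay = hop[1].lower() if len(hop) > 1 else ""
    if claimed and relay and relay != claimed and not relay.endswith("." + claimed):
        findings.append(("relay-mismatch", relay))
    p = LureParser()
    p.feed(msg.get_payload())  # single text/html part only
    # An image-map area whose host differs from the anchor host shown to the user.
    findings += [("map-redirect", h) for h in p.areas if p.anchors and h not in p.anchors]
    findings += [("hidden-text", c) for c in p.faint]
    return findings
```

Calling `analyze(SAMPLE)` returns one finding per NOTE in the sample; a relay mismatch alone is only a heuristic, since legitimate senders also use third-party mail services.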