NEWS FROM THE LAB - Friday, July 1, 2005

How not to send email
Posted by Mikko @ 10:58 GMT

I got a couple of emails today.

One of them was from "Marry Kimmel, eBay Billing Department team (aw-confirm@ebay.com)". It was a typical eBay phishing scam mail, with a masked link that seems to be going to ebay.com but really doesn't. Instead it goes to a rogue site named "ebay-profileupdate.com" which is hosted in the UK.

[Image: eBay phishing]

The second one was from "RSA Conference Europe 2005 (emea.info@rsasecurity.com)". This one was not a phishing scam but a real marketing mail inviting me to the next RSA conference in Europe. However, it also had a masked link, which seemed to go to rsaconference.com but really went to rsc03.net. Which sounds phishy.


The link through rsc03.net eventually goes to the real page at RSA. But how a security company sends out messages like this is beyond me. What's the point in trying to educate users about phishing scams and how they work if the same tricks are being used by the good guys?

Ranting off,
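
The masked-link pattern described in this post can be checked mechanically. The sketch below is an added example, not code from the original post: it flags anchors whose visible text names one host while the `href` points at a different site. The sample HTML is constructed (hostnames are the ones named in the post, paths are invented), and `site()` uses a naive "last two labels" rule as an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Link text that itself looks like a URL or a bare hostname.
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)

def site(host):
    # Naive registrable domain: last two labels (assumption; use the Public Suffix List in practice).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class MaskedLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = HOSTLIKE.match("".join(self.text).strip())
        actual = urlparse(self.href).hostname or ""
        # Flag only when the text names a host on a different site than the href.
        if shown and actual and site(shown.group(1)) != site(actual):
            self.findings.append((shown.group(1).lower(), actual))
        self.href = None

def find_masked_links(html):
    finder = MaskedLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings  # list of (displayed host, actual host)

# Constructed sample body: hostnames come from the post, paths are invented.
SAMPLE = """
<p>Update your billing record: <a href="http://ebay-profileupdate.com/update">http://www.ebay.com/billing</a></p>
<p>Register now at <a href="http://rsc03.net/r/1">www.rsaconference.com</a></p>
<p>Our site: <a href="http://www.rsaconference.com/">www.rsaconference.com</a></p>
<p><a href="http://rsc03.net/r/2">Click here</a></p>
"""

if __name__ == "__main__":
    print(find_masked_links(SAMPLE))
```

The check flags the phishing mail and the tracked marketing link alike, because the mismatch between displayed and actual host is identical in both.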