A piece of spam came across the abuse desk the other day hawking something called “Viagra Professional.” Just as some songs aren’t suited for elevator music, some products aren’t suited for Microsoft-style naming schemes.

Think about it: Outside the pharmaceutical industry, what *ahem* profession would have a use for Viagra?

Someone I know encountered a really sneaky eBay phish this weekend. It arrived through eBay’s official “Ask seller a question” system, and consisted of a simple request: Was his auction the same as the auction at the following About Me page?

The URL was a normal eBay URL of the form http://members.ebay.com/aboutme/_____. Pasting the link into another browser brought up the user’s About Me page… which consisted of a spoofed eBay login form that would submit the username and password to a page hosted at Yahoo.

So it not only came through eBay’s official messaging system, but the form appeared on eBay’s own website, meaning it bypasses many of the usual cues. It’s not a secured page, but use of SSL for login pages is still spotty enough that a user could easily miss that. And how many people have noticed that eBay only puts login forms on signin.ebay.com? You have a slightly better chance if you have a browser like Opera, which shows you the target of a form when you hover over a button. If you think to look at it.
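The hover check can also be done mechanically. The following is an added example, not part of the original post: it parses a page's HTML, finds every form that contains a password field, and flags any whose target is not signin.ebay.com over HTTPS. The sample page URL, HTML and collector host are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: the only host that should receive credentials, per the post's
# remark that eBay only puts login forms on signin.ebay.com.
SIGNIN_HOST = "signin.ebay.com"

class FormAudit(HTMLParser):
    """Record each <form>'s absolute action URL and whether it has a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._open = None  # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page itself.
            action = urljoin(self.page_url, a.get("action") or "")
            self._open = {"action": action, "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def suspicious_forms(page_url, html):
    """Return (action, reasons) for password forms not posting to SIGNIN_HOST over HTTPS."""
    audit = FormAudit(page_url)
    audit.feed(html)
    findings = []
    for form in (f for f in audit.forms if f["password"]):
        target = urlsplit(form["action"])
        reasons = []
        if (target.hostname or "").lower() != SIGNIN_HOST:
            reasons.append("off-host target")
        if target.scheme != "https":
            reasons.append("not HTTPS")
        if reasons:
            findings.append((form["action"], reasons))
    return findings

# Constructed sample: a harmless search form plus a spoofed login form.
SAMPLE_URL = "http://members.ebay.com/aboutme/example-user"
SAMPLE_HTML = """<form action="/search"><input type="text" name="q"></form>
<form method="post" action="http://collector.example.invalid/save">
<input type="text" name="userid"><input type="PASSWORD" name="pass"></form>"""
```

Calling `suspicious_forms(SAMPLE_URL, SAMPLE_HTML)` reports only the second form; the search form is ignored because it never asks for a password.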

I suppose it was only a matter of time before these two genres of spam collided. Today I received a spam advertising body-part enlargement products, with a link to a site called bmsMUNGEDcommercialmortgage.info (without the MUNGED).

Apparently, getting a new mortgage is supposed to increase my ability to handle huge tracts of land.