Sunday, February 20, 2005

Phishing in action - part II

It looked so great, the phishing site. Because it succeeded in highjacking the URL, so that there's no need to copy the e-bay site. Let real e-bay do that work for you. But you notice it as soon as you hit the Back-button (which brings you back to where you where before the first fake e-bay page). Still the URL reveals that the original link of the Phishing site is:

And the source of that page states: *!-- saved from url=*
which is a site that is no longer active.

The mail engine in the source code says:
*form method="post" action=""*
*input type="hidden" value="" name="recipient"*
*input type="hidden" value="" name="redirect"*
*input type="hidden" value="ebaY hiT" name="form_subject"*
*table cellSpacing="0" cellPadding="0" bgColor="#999999" border="0"*

So apparently the healt-canada site has been hijacked to serve as a mail receipt engine.