Amazon Adventures - Part 1

I haven't posted in a while, as I've been somewhat occupied with other things, however, I'm back now and I'm going to cover a few interesting things I saw/experienced first hand recently. So, let me begin.

No I'm not going to tell you about beating my way through tropical rainforest undergrowth or canoeing up the Amazon river, nor am I going to tell you stories about meeting Amazon native people who have never seen an outsider before. So, what am I going to tell you about I hear you ask.....Quickly followed by "I wish he'd get to the point!"

So, to cut to the chase, as they say, this is a screenshot of an e-mail I received a few days ago, from Amazon [see the link now? ;-)]:



Clicking on the link in the e-mail shown above, takes you here:



Looks like the Amazon.com website, in fact as shown in the next screenshot all the scripts on that site point to 'www.amazon.com' [look at the status line bar at the foot of the browser screenshot]:



Yes, all the popups, menus and other scripts on the page point to Amazon.com, however all is not what it seems, and to use a dreadful pun, we can't see the wood for the trees, or in this case we can't see the phish for the rainforest [Amazon] as the phish is very well camouflaged and unless you are very observant or had some mitigating technology in place [such as the Netcraft anti-phishing toolbar] then most people would easily fall 'phoul' of this 'phish'. Yes, it really is a phish, honest and the e-mail wasn't really from Amazon at all!

I had a quick peek at the HTML source for the page hosted on the fake Amazon.com site and it is rather long and complex, including numerous JavaScript functions, these include functions to record the following data:

• Browser used


• Browser version


• OS used


• Timezone


• Plugins installed

The most important part of the HTML source, as far as the phishers are concerned is the 'Form' code which tells the web server what to do with any data submitted in the form, in this case your Amazon.com details: e-mail address and password. The code in this fake Amazon.com page uses the 'POST' directive to send the data to a 'PHP' script on the server hosting the 'fake' Amazon.com site.

If you think that this is clever, just wait until you read part deux [2] of this tale, there is most than just phishing going on against the website jungle that is Amazon...

Right, back to the snakes, tarantulas, scorpions and other assorted wildlife.....no, not in the jungle, these are the pets in my house.

If you don't believe me then maybe you should take a look at one of the websites I run which is all about Tarantulas, Scorpions, Snakes and GALS [That is the acronym for Giant African Land Snails, not the other sort of gals ;-)]....Oh, nearly forget, the website is: The Tarantula's Burrow.