eBay Account Suspended - Email Scam
16th January 2004

Will your eBay account be suspended? Not this time, its a scam ...

This spoof email takes the form of a text message with a disguised (cloaked) link (see image below) and which sends you to a forged eBay web page.

This scam also exploits a very serious bug in Internet Explorer browsers which allows the URL (site address shown in the browser address bar) to be spoofed. This means that if you use that link, Internet Explorer browsers will open the forged page that it points to, but with the URL shown as http://www.ebay.com (see image below). However, the true URL is http://s-w-d.net/e/ which traces back to a web host with Tunisian contact information.

This bug has been increasingly exploited by email scammers of late, and we eagerly await a patch from Microsoft. The vulnerability can also allow a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the cloaked link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker.

If you have received this email, please remember that it is
very common for these email scams to be redistributed at a later
date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

Take a good look at the following images, because this email scam may be coming to an inbox near you!

The Email ...