REPORT SUMMARY
Date Reported: 23rd February 2004
Apparent Sender: eBay
Subject: eBay Billing Information
Sender's Address (spoofed): aw-confirm@ebay.com
Content: text with disguised links which open a forged web form with the ebay.com home page as a backdrop
Spoofed Web page/site?: Yes
Web page/site origin URL: see text (right)
eBay Billing Information - Spoof Email Phishing Scam
23rd February 2004
A worrying new trend in serving up forged content is
emerging, with bogus pages being served in a pop-up style window with genuine
content used as a backdrop...
This spoof eBay email (see image below) is a forgery which
links to a forged eBay web form. The method indicates a growing trend
in these phishing scams this week...
The links within the email will send your browser to a web
page that initially has no content, but is coded to immediately
trigger the opening of a second browser window. The first window then loads
the genuine eBay.com page while the second one loads the forged eBay web form.
The genuine eBay.com page serves as a backdrop to the bogus page to add
a false sense of authenticity. However, the second window (the bogus page) is opened
with the browser's toolbar, address bar and status bar removed, thereby concealing
the true identity of the page itself and making it appear to be a genuine eBay
pop-up.
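The window behaviour described above can be looked for statically in a captured copy of the landing page. The following is an added example, not code from the original report: the function names, host names and sample HTML are constructed, and it assumes the legacy window.open() rule that chrome features left out of a feature string are switched off.

```javascript
// Added example (not from the original report): static check for the
// "genuine backdrop + chrome-less pop-up" pattern. Hosts and HTML are constructed.
const CHROME = ["toolbar", "location", "status"];

// Legacy window.open() rule (assumed here): once a feature string is given,
// any chrome feature that is not explicitly enabled is switched off.
function hiddenChrome(spec) {
  if (!spec.trim()) return [];
  const on = new Set();
  for (const part of spec.toLowerCase().split(",")) {
    const [name, value = "yes"] = part.split("=").map((s) => s.trim());
    if (["yes", "1"].includes(value)) on.add(name);
  }
  return CHROME.filter((name) => !on.has(name));
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch { return null; }
}

// Returns one finding per pop-up that hides the address bar and is hosted
// somewhere other than the site the opener window is redirected to.
function analyzeLandingPage(html) {
  const openRe = /window\.open\(\s*(["'])(.*?)\1\s*,\s*(["'])(.*?)\3\s*,\s*(["'])(.*?)\5\s*\)/g;
  const redirRe = /location(?:\.href\s*=|\s*=|\.replace\()\s*(["'])(.*?)\1/g;
  const backdrops = [...html.matchAll(redirRe)].map((m) => hostOf(m[2])).filter(Boolean);
  const findings = [];
  for (const m of html.matchAll(openRe)) {
    const popupHost = hostOf(m[2]);
    const hidden = hiddenChrome(m[6]);
    const backdropHost = backdrops.find((h) => h !== popupHost);
    if (popupHost && backdropHost && hidden.includes("location")) {
      findings.push({ popupHost, backdropHost, hidden });
    }
  }
  return findings;
}

// Constructed samples: SUSPECT mirrors the behaviour described in the report,
// BENIGN is a same-site help pop-up with no cross-site redirect.
const SUSPECT = `<script>
window.open("http://forged-host.example/verify.html", "w", "width=420,height=500,status=no");
window.location.href = "http://www.genuine-site.example/";
</script>`;
const BENIGN = `<script>
window.open("http://shop.example/help.html", "help", "width=300,height=200");
</script>`;

console.log(analyzeLandingPage(SUSPECT), analyzeLandingPage(BENIGN));
```

A finding means the pop-up and the backdrop come from different hosts and the pop-up has no address bar, so the pop-up's host is the one to check against the brand shown in the page.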
This method of serving up fake content has been on the increase
this week. We have been seeing this method used in Citibank scams, but are now
seeing it used in other phishing scams as well. Since Microsoft finally plugged
the URL Spoofing vulnerability in its Internet Explorer and Outlook products
earlier this month, scammers are turning to this method to fool their prey.
The actual URL of the forged eBay web page is http://d4429600.u51.websytzhosting.com/verify.html
and you would discover this by right-clicking on the page and selecting Properties.
Upon further investigation, we found that information entered into the form was
being sent on to a Yahoo email address after passing through a PHP form-to-mail
script located on the same server.
If you have received this email, please remember that it is very common for these
email scams to be redistributed at a later date with only slightly different
content, or with the same content but with the fake page(s) hosted by a different provider.
Also, once you have received one of these hoaxes, it is commonplace to
receive at least another one, usually a day or two after the first, although
not necessarily from the same apparent sender.
Take a good look at the following images, because this email scam may be coming
to an inbox near you!
The Email ...