eBay official notice - Spoof Email Phishing Scam
3rd March 2004

please forward any scams you've received to spoof@millersmiles.co.uk

" Dear eBay User, During our reguIar update and verification of the accounts, we couIdn't verify your current information. "...

This spoof eBay email (see image below) is in HTML format (although it does look like a text only email in order add a sense of authenticity to the link text). The link in the email has been disguised using HTML code to look like a genuine link to eBay and it has been further coded to exploit the URL Spoofing bug in Internet Explorer browsers (test your browser - see link on right).

Using that link will trigger 2 new browser windows, first we will see the genuine eBay.com home page, then what appears to be a pop up window will appear in front of that. This is achieved through the use of JavaScript, and its purpose is purely to convince users that they are seeing a genuine pop up window from the eBay.com page. The pop up window has been crafted to open without the address bar to prevent users from seeing the true URL which would reveal its bogus nature (http://68.88.15.175:4944/dl/confirm.htm).

Any information submitted is processed through a script located on the same server as the bogus content.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

The bogus web page (pop up with genuine page in background window)...