This convincing looking spoof eBay email links to a scripted page which will open a bogus pop-up window over a genuine eBay page and is very convincing...

This spoof eBay email (see image below) is in HTML format and calls up genuine graphics and script from eBay's own servers. The link in the email has been disguised using HTML code amd uising it will trigger a remote scripted process which opens a genuine eBay page and a bogus page with a form.

The bogus page has been scripted to open with the address, status, tool and menu bars removed, thereby concealing its URL. This gives the whole thing the appearance of a genuine eBay page with a pop up, but information entered into that bogus pop up will be processed and sent on to the scammers using a script located on the same server. The URL of the bogus page (pop up) is http://211.224.55.71/secure/....... which resolves to a Korea Telecom (which has hosted many bogus web pages).

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

The bogus web page (pop up with genuine page in background window)...