What appears to be a new form of URL Spoofing - ADDRESS BAR SPOOFING - propogates across the net with this spoofed ebay email...

This spoof eBay email (see image below) is in HTML format and the link has been disguised using HTML code to look like it will lead to a genuine and secure eBay site page.

The link will open a browser window which is scripted to close and reopen with the address bar removed and at full screen. The really clever part of this bogus page is that it uses HTA, HTML and javascript to display a replacement address bar with text, and that text is a genuine URL of a secure eBay page (https://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll). The fake address bar is constructed with images and the URL text as mentioned, the only draw back to this approach for the perpetrators is that some of the images used to build the fake toolbar have a light grey background which only matches the Windows™ Classic desktop setting. They have even constructed a dummy 'Go' button which appears to be functional.

The bogus page is actually hosted on Yahoo Inc's servers together with the form to mail script which captures any data submitted into the form.

The nature of the bogus page and the genuine appearance of the email earns this phishing scam a HIGH risk level.

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

Many thanks go to Brandon Richards of Speciality Service Systems, Inc. for reporting this email.

The Spoof Email ...

The bogus web page (the entire address bar is built from code within the page)...