Search our Spoof Library...
Another Spoof Email and Phishing Scam report by MillerSmiles.co.uk - click this image to go to our home page.

Spoofed Address Bar - Forged Paypal page
16th March 2004

please forward any scams you've received to spoof@millersmiles.co.uk

 

Report Summary
Date Reported
16th March 2004
Apparent Sender
Paypal
Return Address
n/a - see below
Subject
n/a - see below
Format
n/a - see below
Method
n/a - see below
Bogus Web Content?
Yes
URL of web content
spoofed address bar shows https://www.paypal.com/cgi-bin/webscr?cmd=_login-run but the actual page is located on a completely different server (in no way connected with Paypal)
RISK LEVEL
HIGH
WARNINGS

1. This is our second instance of address bar spoofing - where the browser address bar is coded out and replaced with images and text which look like the real address bar.

 

Our second instance of Address Bar spoofing targets Paypal...

 

No spoof email this time, we came across this bogus Paypal page (see images below) during our trawl of the net for 'nasties'. This bogus page also represents our second sighting of this new phishing phenomenon where the browser address bar is removed and replaced with text and images to give the appearance of a genuine web page.

Of-course, the whole page is one big con and any information which is submitted into this form is seemlessly sent on to the perpetrators using a PHP script.

You will notice from the image below, that parts of the address bar image are a different colour, but if the browser was set to use Windows Classic appearance, then you would not notice any difference (see this other example of Address Bar Spoofing to see what we mean). The yellow padlock symbol is also absent from the bottom of the browser frame (something that you would always see at a genuine secure page).

We may well see reports of spoof emails which direct users to this bogus page over the coming days, but we are more likely to see other examples of this worrying trend. In the mean time, please help build awareness of this emerging trend in Phishing Scams by informing friends and colleagues of this page and the use of Address Bar Spoofing. The more that people know, the less victims we will see.

 

The bogus web page ...

Address Bar Spoofing shown here with a bogus Paypal web page.

 

Snapshot showing the spoofed address bar made with images and text to give the bogus page a genuine appearance.

 

Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...
 

Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...

Email Alerts
Add your email address to our email alert service...
Subscribe

Privacy Policy

RSS News Feed
Tap into our Scam Alert service using your News Reader or Aggregator (including My Yahoo!).
Scam Alert News Feed

You can even put the latest alerts on your own web site.

Click here to learn more about RSS News Feeds and our Scam Alert Service!

Resources links - use one of the links below to access more information on Spoof Email & Phishing Scams.

Library of Spoof Email Phishing Scams

Brief guide to Phishing

Full article on spoof email scams

Spoof URL Checker

Link Checker

Browser URL Spoofing Vulnerability Check

Latest browser bug aids Phishing Scams - beware!

Destinations - other resources available on the MillerSmiles.co.uk web site.

Click the arrow to return to previous page

Home

Guides...

Book Terminology

How to identify a first edition book

Auction Watcher

List of the main Auction Sites world wide