Another Spoof Email and Phishing Scam report by MillerSmiles.co.uk

eBay.com Protection
23rd March 2004

please forward any scams you've received to spoof@millersmiles.co.uk

 

Report Summary

Date Reported: 23rd March 2004
Apparent Sender: eBay
Return Address: support@eBay.com
Subject: eBay.com Protection
Format: HTML made to look like text only to aid in disguising the link
Method: disguised link leads to bogus web content
Bogus Web Content?: Yes
URL of web content: http://www.ebay.com.cgi3.update.information.system.users.cgi3.ebay.com.update.base.cgi3.update.base.system.control.cgi2.panel.ebay.com.sdffsd.com/e.html
RISK LEVEL: HIGH
WARNINGS

1. An incredibly long subdomain in the URL. It has been constructed like this to give the appearance of a genuine ebay.com URL (we have highlighted the actual domain in the link shown above)

 

Users arrive at a forged eBay page with a very convincing URL in this Phishing Scam...

 

This spoof eBay email (see below) is in HTML format, although it is made to look like a text-only email in order to add a sense of authenticity to the link text. The link has been disguised using HTML code to look like a genuine link to eBay, but it will actually open a forged eBay web form titled 'For security reasons the following information must be confirmed'.

The URL of the bogus form (as shown in your browser address bar) is actually a subdomain of sdffsd.com. The subdomain name has purposefully been constructed to be very long and to contain the phrase 'www.ebay.com.cgi3' etc., which of course bears absolutely no relation to where the fake page is. Subdomains like this (also called Third Level Domain names) can be considered independent and unique websites in themselves. Many webmasters offer their sole use as one form or another of web hosting (such as 20m.com, who offer them for free) and as an alternative to having to register a domain for yourself. We are seeing more of these long URLs, made from long subdomain names broken up with periods to give the appearance of a genuine domain such as www.ebay.com, as in this spoof email. The URL is...

http://www.ebay.com.cgi3.update.information.system.users.cgi3.ebay.com.update.base.cgi3.update.base.system.control.cgi2.panel.ebay.com.sdffsd.com/e.html

...and we've highlighted the deceptive part in bold red, and the true domain in bold blue. The length of the URL would also cause the genuine domain component to fall out of view in screens of low resolution such as 800x600 (one of the most popular screen resolutions in use).
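
The same check done in code, as an added example (not MillerSmiles code): it compares the link text shown in this email with the real destination, finds the registrable domain of each, and counts how often a protected domain is spelled out in the subdomain labels. The suffix set and the PROTECTED list are assumptions for illustration; both URLs are the ones quoted in this report.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List; real tooling loads the full list.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}
# Assumption: the registrable domains this checker protects.
PROTECTED = {"ebay.com", "ebay.co.uk"}

# Both URLs are taken from the report: the link text shown and the real destination.
DISPLAYED = "http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate"
SPOOF_HREF = ("http://www.ebay.com.cgi3.update.information.system.users."
              "cgi3.ebay.com.update.base.cgi3.update.base.system.control."
              "cgi2.panel.ebay.com.sdffsd.com/e.html")


def split_host(url):
    """Return (host, subdomain labels, registrable domain) for a full URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return host, labels[:-keep], ".".join(labels[-keep:])


def embedded_brands(sub_labels):
    """Count protected domains spelled out as consecutive subdomain labels."""
    hits = {}
    for brand in PROTECTED:
        parts = brand.split(".")
        n = sum(sub_labels[i:i + len(parts)] == parts
                for i in range(len(sub_labels) - len(parts) + 1))
        if n:
            hits[brand] = n
    return hits


def check_link(display_text, href):
    """Compare what the email shows with where the link really goes."""
    _, _, shown = split_host(display_text)
    host, sub, actual = split_host(href)
    return {
        "shown_domain": shown,
        "actual_domain": actual,
        "mismatch": shown != actual,
        "embedded_brands": embedded_brands(sub),
        "subdomain_labels": len(sub),
        # Characters that precede the real domain in the address bar.
        "chars_before_domain": href.lower().index(host) + len(host) - len(actual),
    }


if __name__ == "__main__":
    print(check_link(DISPLAYED, SPOOF_HREF))
```

The "chars_before_domain" value is what pushes the true domain out of view in a narrow address bar, as described above for 800x600 screens.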

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is commonplace to receive at least another one, usually a day or two after the first, although not necessarily from the same apparent sender.

 

The Spoof Email ...

Dear eBay User,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.

As a result, your access to bid or buy on eBay has been restricted.
According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the form that will pop up or else your account will be deleted.

If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user.
Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to
misappropriate personal information with the intent to commit fraud or theft.

We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

To update your eBay records click here::

http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate
eBay Update team
http://www.eBay.com


Thank you

Safeharbor Department
eBay Inc.

 

The bogus web page ...

[Image: eBay.com Protection bogus web page with form]

 

 
