TKO NOTICE: Pay your fees to eBay.com
|
||||||||||||||||||||
|
||||||||||||||||||||
Spoofed eBay email links to a forged page which has a domain name similar to eBay.com ...
This convincing looking eBay email is a spoof which links to a forged sign in page. The URL of the forged eBay sign in page is a concern here, and relies on users' understanding how domain names can be constructed... In the first report the URL shows http://signin.ebay.com.zanga.us/aw-cgi/SignIn.html and you must look for the actual domain which is zanga.us (highlighted in bold), anything to the left of that is there just to give the impression that it is an eBay.com domain which it is not. The signin.ebay.com part is simply a sub domain of zanga.us and this method of creating URLs which look genuine has been often used in these phishing scams. Zanga.us resolves to a Yahoo users' web space and any information submitted is captured by a script located on the same server as the forged sign in page. In the second report, we see a completely different URL in use - http://securemaintenanceform-scgi4.com/ - which yielded some unusual results during tracing - its nameservers are set as help-stop-phishing.com and they are assigned to an IP address (216.239.35.100) owned by Google.com. Whilst the site would not tracert with this information, it may well be that the perpetrators set the domain's DNS settings like this just to add a sense of authenticity in a DNS lookup. Help stop phishing dot com is a parked domain - not an active site and parked at dotster.com who handle the whois info for it - and it would appear that these settings have been created in the local DNS zone for the domain (which is normally only available for editing in reseller hosting packages). If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.
The Spoof Email ...
The bogus web page ...
|
 |
|
Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...
You can even put the latest alerts on your own web site.
|
|
 |
|
|
Library of Spoof Email Phishing Scams Full article on spoof email scams |
|
 |
|
|
Click the arrow to return to previous page Guides... |
|
|
|
|
 |
|
Email
Alerts
