What appears to be a new form of URL Spoofing
- ADDRESS BAR SPOOFING - propogates across the net with this spoofed ebay email...
spoof eBay email (see image below) is in HTML format and the link has been disguised
using HTML code to look like it will lead to a genuine and secure
eBay site page.
The link will open a browser window which is scripted to close
and reopen with the address bar removed and at full screen.
a replacement address bar with text, and that text is a genuine
URL of a secure eBay page
(https://arribba.cgi3.ebay.com/aw-cgi/ebayISAPI.dll). The fake address bar is
constructed with images and the URL text as mentioned, the only draw back to
this approach for the perpetrators is that some of the images used to build the
fake toolbar have a light grey background which only matches the Windows™ Classic
desktop setting. They have even constructed a dummy 'Go' button which appears
to be functional.
page is actually hosted on Yahoo Inc's servers together with the form to mail
script which captures any data submitted into the form.
The nature of the bogus page and the genuine appearance of the
email earns this phishing scam a HIGH risk level.
If you have received this email, please remember that it is very
common for these email scams to be redistributed at a later date with only slightly
different content or the same but with the fake page(s) hosted by a different
provider. Also, once you have received one of these hoaxes, it is also common
place to receive at least another one and usually a day or two after the first,
although not necessarily from the same apparent sender.
Many thanks go to Brandon Richards of
Speciality Service Systems, Inc. for reporting
The Spoof Email ...
bogus web page (the entire address bar is built from code within the page)...