"We wish to inform you that for the next two days we shall upgrade our database
servers in order to increase our efficiency in managing eBay users accounts and to secure
the transactions. "...
spoof eBay email (see image below) is in HTML format (although it does look
like a text only email in order add a sense of authenticity to the link text).
The link in the email has been disguised using HTML code to look like a genuine
link to eBay and it has been further coded to exploit the URL Spoofing bug in
Internet Explorer browsers (test your browser - see link on right).
Using that link will trigger 2 new browser windows, first we
will see the genuine eBay.com home page, then what appears to be a pop up window
and its purpose is purely to convince users that they are seeing a genuine pop
up window from the eBay.com page. The pop up window has been crafted to open
without the address bar to prevent users from seeing the true URL which would
reveal its bogus nature (http://126.96.36.199:4944/dl/confirm.htm).
Any information submitted is
processed through a script located on the same server as the bogus content.
If you have received this email, please remember that it is very
common for these email scams to be redistributed at a later date with only slightly
different content or the same but with the fake page(s) hosted by a different
provider. Also, once you have received one of these hoaxes, it is also common
place to receive at least another one and usually a day or two after the first,
although not necessarily from the same apparent sender.
The Spoof Email ...
bogus web page ...