eBay Security (Verification of your Account)

Another Spoof Email and Phishing Scam report by MillerSmiles.co.uk - click this image to go to our home page.

eBay Security (Verification of your Account)
26th April 2004

please forward any scams you've received to spoof@millersmiles.co.uk

Report Summary
Date Reported	26th April 2004
Apparent Sender	eBay
Return Address	various spoofed ebay.com addresses used
Subject	eBay Security (Verification of your Account)
Format	HTML
Method	disguised link leads to bogus web content - submitted form data is captured by a PHP script located in the same web space as the forged eBay page.
Bogus Web Content?	Yes
URL of web content	exploits the URL spoofing vulnerabilityt hat exists in unpatched IE browsers - if your browser is unpatched you'll see http://scgi.ebay.com.saw-cgi.ebayISAPI.dll.ConfirmRegisterInformation. EnterRegisterInfo.dll.eBayISAPI.dll but the true URL is http://www.mec.utt.ro/~lovasz//verify.html which resolves to Romanian web space.
RISK LEVEL	Medium
WARNINGS	1. Exploits URL Spoofing (canonicalisation) in Internet Explorer browsers - check your browser or run Windows Update to ensure your browser is patched.

" Dear eBay user, During our regular update and verification of the accounts we could not verify your current information. Either your information has changed or it is incomplete. "...

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive at least another one and usually a day or two after the first, although not necessarily from the same apparent sender.

The Spoof Email ...

eBay Security (Verification of your Account) spoofed email

The bogus web page (note - unpatched Internet Explorer browsers will show the URL as http://scgi.ebay.com....)

eBay Security (Verification of your Account) forged web page


Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services... Email Alerts Add your email address to our email alert service... Subscribe Privacy Policy RSS News Feed Tap into our Scam Alert service using your News Reader or Aggregator (including My Yahoo!). Scam Alert News Feed You can even put the latest alerts on your own web site.

Library of Spoof Email Phishing Scams Brief guide to Phishing Full article on spoof email scams Spoof URL Checker Link Checker Browser URL Spoofing Vulnerability Check Latest browser bug aids Phishing Scams - beware!

Click the arrow to return to previous page Home Guides... Book Terminology How to identify a first edition book Auction Watcher List of the main Auction Sites world wide
<table border='0' cellpadding='0' cellspacing='0' width='120' height='243'> <!--DWLayoutTable--> <tr> <td><a href='http://www.amazon.co.uk/exec/obidos/redirect-home/millersmile09-21' target=_top ><img src="http://images-eu.amazon.com/images/G/02/associates/recommends/default_120x243.gif" width=120 height=243 border="0" access=regular></a></td> </tr> <tr> <td height="1"><img src="../spacer.gif" alt="" width="120" height="1"></td> </tr> </table>

eBay Security (Verification of your Account) 26th April 2004

eBay Security (Verification of your Account)
26th April 2004