Claim: Auction site eBay is sending out suspension notices via e-mail and asking customers to verify their account information.
Example: [Collected on the Internet, 2004]
Origins: The eBay auction site has long been popular bait for phishing schemes because many Internet users have Ebay accounts, and thus this type of ruse has a good chance of reeling in some unsuspecting victims.
The eBay phishing scam reproduced above has already been around the block in the same form several times. In this latest version, clicking the link in the body of the message takes the user not to the real eBay web site, but to a counterfeit eBay “Security Update” form. Once a user fills out the phony update form (which asks for personal data such eBay user names and passwords, credit card numbers, and Social Security numbers), the information is collected by the scammers and the user is redirected to another screen which makes it appear as though he was on the real eBay site the whole time.
The coding does a pretty good job obfuscating the URLs the user is actually visiting (passing through pages at both ebay-global.com and while.ws), so even cautious web users might still be fooled. Microsoft recently issued a security update for their Internet Explorer browser intended to eliminate this sort of browser spoofing.
Last updated: 3 February 2004