New eBay spoof...

I'm used to getting emails for Phishing scams - fake emails that pretend to be from a legitimate company asking personal information. I've gotten them pretending to be from eBay, PayPal, and several banks that I've never had accounts with. I've always recognized them as scams, usually before even opening the email. But today I almost fell for one.

I got an email labeled as "question from an eBay member" and opened it. It said "I paid for this item, when are you going to ship it" and had an eBay link. I clicked on it. Luckily, I was using Netscape 7.2 on the machine at work I was on, and it gave me a box saying that it appeared that the site was pretending to be eBay but was actually not.

I looked at the message again and realized I had missed a ton of clues. eBay emails usually come from the auction page and have the auction number and title. The user never stated what the item was. I checked recently sold items and I hadn't sold any to the username at the bottom of the email. I checked the full headers and it did not originate from eBay's servers but rather from a dhost.info domain. I also forwarded it to spoof@ebay.com, and got a reply a few minutes later that the email was not only a spoof but that the link also tries to install a keylogger virus.

I feel pretty stupid, as I'm usually good about spotting phishing emails, and I work in IT and should have thought to check the technical aspects before clicking. But it was some brilliant social engineering - I've sold about 20 items in the last 2 weeks, and I'm used to having a small percent of buyers who ask dumb questions or want to know the status of their item every hour. So I figured I'd post this as a heads-up. I also have to give mad props to the Netscape/FirFox team for adding the anti-spoofing feature to their browser.