With all the coverage phishing scams have received recently, you'd think that the practice has begun to wane. Not so. Take a look at a sample of an eBay phishing spam I received today.
It sure looks like the genuine article. For a split second I thought it was the real thing too. But then common sense prevailed, and my natural suspicion kicked in prompting me to take a closer look.
The spam email looks clean enough and the content seems legit. The images are served from legitimate sites, and the supposed link I am invited to click on (billing.eBay.com) does appear to be an eBay host. But this is indeed a fake, designed to lower my guard and click on the link.
Who knows what lies on the landing page. Could be a well-crafted decoy site to collect my eBay information, or it could be a page containing malicious code designed to come to life and install a malware on my PC when I get there.
The telltale signs, however camouflaged, were still there. The message itself seemed fine on the first pass, but a closer inspection revealed an amateurish attempt to scare me enough to take immediate action. Then I proceeded to look at the email headers. Just about all email readers, including those from online and free services, like Gmail, Yahoo, and Hotmail, allow users to inspect the emails' raw data.
The header revealed that the message was sent from Poland. Obviously that was a red flag. Then inspecting the email's HTML source uncovered that the link was just a decoy. Underneath the link, the miscreant had coded a completely different link to take my browser for a ride; another red flag. Okay, that was about all of that. It was time to dump the email and get on with the day's work.
We all receive numerous emails similar to this everyday. Always trust your first instinct not to trust any of them. Read your emails in text format first to see if anything looks out of place, turn on image masking that many email readers offer these days, never click on any links, no matter how genuine the email looks and how tempted you might feel, and never reply to these emails. Always contact the vendors directly via their Web sites or telephone numbers. Even if the email is authentic, you can never go wrong by bypassing it and going to the source directly yourself.
ebay phishing,phishing,spam,trojan,email headers