eBay spoofing

Posted by Pierre Igot in: Technology
January 15th, 2004 • 11:53 am

Just got spam masquerading as an official e-mail message from eBay.com. I don’t get those very often (or Mail catches them correctly most of the time). But these people, whoever they are, are obviously getting better and better at faking the headers. I didn’t see anything in the headers that would give away the fact that it’s spam.

The spam is actually threatening and says that my account will be suspended if I don’t “login here” within 3 or 4 days. The funny thing is that the “login here” part is a hypertext link to a non-eBay site (www.wxdesign.com — don’t go there!), but only in the HTML version of the e-mail. And yes, the spam contains a plain-text alternative with no hypertext link!

Mail displayed the plain-text alternative by default on my machine. It seems to me that, if the spammers had really wanted to fool me, they wouldn’t have included a plain-text alternative (without a link). Then again, maybe people are naïve enough to switch to the HTML version and click on the link just the same. I don’t know.

Yet another reason to avoid HTML email at all costs.

Comments are closed.

Leave a Reply

Comments are closed.