eBay spoofing
Posted by Pierre Igot in: TechnologyJanuary 15th, 2004 • 11:53 am
Just got spam masquerading as an official e-mail message from eBay.com. I don’t get those very often (or Mail catches them correctly most of the time). But these people, whoever they are, are obviously getting better and better at faking the headers. I didn’t see anything in the headers that would give away the fact that it’s spam.
The spam is actually threatening and says that my account will be suspended if I don’t “login here” within 3 or 4 days. The funny thing is that the “login here” part is a hypertext link to a non-eBay site (www.wxdesign.com
— don’t go there!), but only in the HTML version of the e-mail. And yes, the spam contains a plain-text alternative with no hypertext link!
Mail displayed the plain-text alternative by default on my machine. It seems to me that, if the spammers had really wanted to fool me, they wouldn’t have included a plain-text alternative (without a link). Then again, maybe people are naïve enough to switch to the HTML version and click on the link just the same. I don’t know.
Yet another reason to avoid HTML email at all costs.