I have received about 3 emails in the past two months claiming to originate from eBay – they normally asked me to logon to my account via a link that they provided on the email. That link led me to a site that looked just like eBay but wasn’t – the address bar said login.ebay.com and everything, but it turned out that the adress on the address bar was cloaking the real address which happened to be some random ip address that hosted the fake eBay website. I was almost fooled the first time into logging in, but caught it before I input my information. For all of you that have eBay or Paypal accounts you are the target of these emails claiming to be official. Naturally I went online in search of something that would help me identify sites without having to look through code or anything like that, it turns out there’s a plug-in for both Internet Explorer and Firefox that does just that.
Once installed SpoofStick alerts you of a website’s true address, thus keeping you from inputting your private information in a website which claims to be authnetic. Below you will find links to download the files as well as some information about the add-in.
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places – hoping that some percentage of users won’t notice the incorrect URL and give away important information. This practice is sometimes known as “phishing". Via Spoofstick Website
SpoofStick Download
Ebay’s How-to Spot fake eBay Emails tutorial View Tutorial
Paypal’s How-to Spot Fake Emails Guide View Guide