Saturday, December 10, 2005

how to figure out if an email is spam! in this case it's an eBay spoof spam...

I just got a scary piece of spam, that for some reason wasn't caught by my filters. It was presented as a question from a seller, basically saying I had won the bidding on their product (a home theatre dvd system, no less - so you can assume the price tag is big), and that they had been trying to contact me, and if they don't hear from me they'll contact ebay & give me negative feedback.

So, because I'm a skeptic and internet savvy, I know better - but there are so many people who don't! So here's a few tricks that I do to double check if something is spam, without even giving them a clue that I've read their email.

First, here's a screenshot of the email they sent me. Note that using Mail, I turn off the automatic loading of images, because often spam/email marketers depend on your loading the images in order to track when and how many times you've viewed it:

(click to view larger)

The first thing I do to double check if something is spam, is to check what the links really are. Because this is HTML, they can make the links look like one thing, but they're really another. So, as you'll see on this image (above) I right click on the link & copy it, and then go paste it into my browser's address bar. Another way to do this is to view the raw source of the email. Turns out all the links in this email go to the very same place:

http://signin.ebay.com.isapi-dll.info/ws/signin.html

First thing you should notice there is that it's not https: - meaning it's not secure (the s means secure). You can check to see if you see the lock icon on your browser - which if you look at the screenshot below, theirs is NOT. Any log-in page, especially for a giant as large as eBay, is DEFINITELY going to have SSL (what you purchase/activate to have that security). Granted, you should also keep in mind SSL Certificates aren't that expensive, so never just trust the lock outright!

Another thing on that URL though, is that it may look like it's signin.ebay.com, but actually the domain is http://signin.ebay.com.isapi-dll.info - tricky! They've basically purchased a .info domain name & created a subdomain on it to look like ebay.

Here's are screenshots of the real eBay login page & the spammer's login page (click to view larger):Looking between the two of them, there are some other very small tip-offs that will tell you it's fake - but the bottom line is don't do what they want you to do: Don't use the links in their email... instead go type the URL in yourself (in this case, simply www.eBay.com) and double check your account that way. More often than not a confusing piece of email like this will be spam... so don't be too trusting. Spammers are getting smart - but do yourself a favor and learn how to outsmart their attempts to get your information!

Hope this helps someone. Now, I must stop procrastinating & work. :p