How to find the real link in a spoof message
Note: This article is for advanced users only. If you follow this article, you do so at your own risk!
How many times have you received an email that appears to have come from eBay but did not?
How many times have you suspected that an email you received was a phishing email?
You have probably asked yourself many times: how do I verify an email and make sure it is legit?
This article will show you a quick way to find out whether an email is phishing or legit.
First of all, let me remind you of the 2 basic rules:
1. If an email that arrives in your personal email box did not also arrive in the message box in your ‘my-eBay’, then it is probably NOT from eBay.
2. eBay has said again and again that it will never ask for your username + password in an email.
So, if this email eventually leads to a page that asks for both, then it is not from eBay, no matter how identical the page looks to an eBay page.
Now that we are aware of the above 2 simple rules, let’s examine a suspicious email that looks like this:
This email (like many others) starts with some kind of problem that you have, and then suggests a solution, usually a link to a page that looks like an eBay page and asks for your username and password.
Look carefully at the link. The link text appears as http://cgi.ebay.com, which is a legit eBay address, but this is only the link text! Anyone who knows a little HTML knows that a link tag <a href=> consists of 2 parts: the text which is shown to the viewer, and the link itself. The link is where you will be forwarded when you click on the marked text.
You should also know that a web site address may contain a long string, but what matters is the last pointer of the site (the end of the host name).
For example, the address http://this.is.a.multiple.paypal.com.ebay.com.phishing.co.uk leads to the site phishing.co.uk, no matter what its prefix is!
(All text after the / sign is the address of a web page under that last pointer site.)
In our case, the last site address of the link text is cgi.ebay.com, but the link itself points to the site jki.co.mx, which goes to a phishing site in Mexico.
As explained above, http://cgi.ebay.com.jki.co.mx goes to jki.co.mx and NOT to eBay as you might think.
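The same check can be automated over the HTML body of a message. The following is an added example, not part of the original guide: it pulls every <a href=> pair out of the body and reports links whose visible text names a different site than the href. The names site_of, LinkAudit and spoofed_links are hypothetical, the sample body is constructed, and the two-entry suffix table is an assumption standing in for the full Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: tiny constructed suffix table; real tooling should use the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "co.mx"}

def site_of(url):
    """Return the 'last pointer' of a URL: the registrable domain of its host."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkAudit(HTMLParser):
    """Collect (link text, href) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def spoofed_links(html):
    """Return links whose visible text names a different site than the href."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        looks_like_url = "." in text and " " not in text
        if looks_like_url and site_of(text) != site_of(href):
            findings.append((text, site_of(text), site_of(href)))
    return findings

# Constructed sample body, modelled on the example in this guide.
SAMPLE = ('<p>Your account has a problem: '
          '<a href="http://cgi.ebay.com.jki.co.mx/signin">http://cgi.ebay.com</a></p>'
          '<p><a href="http://cgi.ebay.com/help">http://cgi.ebay.com/help</a></p>')

if __name__ == "__main__":
    for text, shown, real in spoofed_links(SAMPLE):
        print(f"text shows {shown}, link goes to {real}: {text}")
```

Only links whose text itself looks like an address are compared, so ordinary link text such as "Click here" is not reported.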
How do I see this link?
Place your mouse cursor over the link (DON’T CLICK IT!), just hover over it, and in your browser’s status bar or next to the link (depending on your email client/browser) you’ll see the link string that the link text leads to.
That is how easy it is to check the links in an email and verify that they go to a legit site.
Those who want to contribute and help fight these scammers can forward the email to spoof@ebay.com and attach the header of the email as well.
Do yourself a favor and make it a habit to examine every link you get in an email.
Believe me, it might save you a lot of time and trouble.
Be careful out there, eBay is a wonderful place to deal as long as you are aware of threats and risks.
Avi
Remark:
In some versions of IE and Gmail the link string will not show. You can still use ‘copy shortcut’ (right-click while over the presented link text), which copies the address the link leads to, and paste it into WordPad etc. to see it.
Guide created: 11/05/09 (updated 02/23/10)


