The text link in the HTML formatted email message looks like it is legitimately from eBay, but in fact it is NOT, here is the complete message presented as an image:
When I click on this link, however, my web browser is redirected to the following address:
http://61.235.97.3:81/aw-cgi/SignIn.php?mail=myuserid@myemail.domain
Anytime you are directed to an IP address (numbers) instead of a domain name (words like ebay.com) that is a big warning of something “phishy.”
A simple procedure for seeing “behind the curtain” of a website is to cut off the last part of the address: the directory names and the page address names, and go to the root domain address. In this case, that is http://61.235.97.3. After going to this page, the following is displayed: 
The fact that this is NOT eBay (www.ebay.com) and there is an option to login in Chinese is a big hint this email is illegitimate. In fact, it is proof of phishing.
Further confirmation can be obtained with a simple Google search for the subject line text, “eBay Fraud Mediation Request.” The second Google search hit result (of about 11,000) is to FraudWatchInternational, confirming this email is a spoof and not correct.
Other hints this is a phishing attack are the fact that the email was sent to several people, not just to me, who have my same first name. The authors are doing some “phishing” for suckers, but not sucker fish– they are looking for human suckers!
Another technique to “look behind the curtain” of the website address and domain is to perform a “whois lookup.” By doing a simple keyword search for “whois lookup” in Google, I saw the first hit was from NetworkSolutions (a well established and well-known Internet website domain registration company) and was their free WhoIs Records search. By selecting “search by IP address” on this reputable and free search tool, I was able to learn that the owner of the actual server to whom the website in question is registered is the “Asia Pacific Network Information Center,” based out of Australia:
This Australian company is not necessarily the entity responsible for the phishing scam, but someone who is using a computer on their network with that IP address is. That is something law enforcement folks could (and hopefully will) track down eventually.
The bottom line is, don’t give out personal information using links you receive from unsolicited emails. eBay has a good page in their actual security center (http://pages.ebay.com/securitycenter/stop_spoof_websites.html) providing several good suggestions for avoiding “phishing” scams like these. They are:
– Learn the signs of a spoof email
– Get eBay Toolbar with Account Guard
– Do not click on email links that request personal information.
SO, what is the bottom line here as far as education and digital literacy? Everyone who uses the Internet and email needs to know how to do these basic things, to avoid “phishing” scams. This is part of digital literacy, and it is needed by many, not a few.
If you enjoyed this post and found it useful, subscribe to Wes’ free newsletter. Check out Wes’ video tutorial library, “Playing with Media.” Information about more ways to learn with Dr. Wesley Fryer are available on wesfryer.com/after.
On this day..
- Beware of Hacked Minecraft Software (and phishing emails) – 2021
- Teacher Personal Laptop Purchase Advice: Mac Laptop or Chromebook – 2017
- Director of Technology – Casady School – 2015
- Directly Download an Enhanced ePUB eBook to Your iPad – 2012
- YouTube is the new Cable Channel Platform – 2012
- Working with Free eBooks on Kindle for iPad NOT from Amazon.com – 2011
- Digital Storytelling in Plain English – 2010
- Skirky and Pink on Cognitive Surplus, Motivation & Social Media – 2010
- Kansas Teachers: Register for Celebrate Kansas Voices (CKV) 4-6 August 2010! – 2010
- What does 21st century literacy prep mean 2U? – 2010