At first glance it looks just like the real ebay site. But a quick look at the URL in the address bar will tell you that this is NOT ebay.

The link says http://www.grandzawiyah.com/state.wa/signin.htm?213rjceirjqexr98rdlkmsanchfrinvc58ucrdjkxnerimjgtmxkjnzmhrugt45ncoirehviuhtrckm45x and you end up here if you happen to have received the spoofed ebay email.

My client got theirs from email address eBay Member: quickshipelectronics [mailto:lindbergjh@hotmail.com] and as usual I checked the URLs embedded in the email. While on the surface the URLs say http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=130258573190 the actual destination is http://www.shamick.com/SWF?item=130258573190 which leads you to the URL of the site in the screenshot above.

However, www.shamick.com and www.grandzawiyah.com appear to be legitimate domains and websites — but people with malicious intent may have hijacked a subfolder on their hosting service where the redirect from shamick.com/swf has been placed to lead to the fake ebay landing page above.

So a CAVEAT to all. Check the actual links before you click on them, especially if you know you shouldn’t be getting emails from services you have not signed for. Mouse over the link and then check if the URL that appears in your status bar matches the link and is the actual URL of the service.