At first glance it looks just like the real ebay site. But a quick look at the URL in the address bar will tell you that this is NOT ebay.

The link says http://www.grandzawiyah.com/state.wa/signin.htm?213rjceirjqexr98rdlkmsanchfrinvc58ucrdjkxnerimjgtmxkjnzmhrugt45ncoirehviuhtrckm45x and you end up here if you happen to have received the spoofed ebay email.

My client got theirs from email address eBay Member: quickshipelectronics [mailto:lindbergjh@hotmail.com] and as usual I checked the URLs embedded in the email. While on the surface the URLs say http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=130258573190 the actual destination is http://www.shamick.com/SWF?item=130258573190 which leads you to the URL of the site in the screenshot above.

However, www.shamick.com and www.grandzawiyah.com appear to be legitimate domains and websites — but people with malicious intent may have hijacked a subfolder on their hosting service where the redirect from shamick.com/swf has been placed to lead to the fake ebay landing page above.

So a CAVEAT to all. Check the actual links before you click on them, especially if you know you shouldn’t be getting emails from services you have not signed for. Mouse over the link and then check if the URL that appears in your status bar matches the link and is the actual URL of the service.

A friend introduced me to the CoolIris (formerly known as Piclens) plugin for Firefox and like a giddy nit I downloaded it and plugged it into my spanking new Firefox 3.0.1 installation on this spanking new laptop.

Turned out it was one of the culprits that, with Norton 360 installed, caused programs to turn into zombies in Task Manager after I had closed them. Imagine having five instances of Firefox lined up in the Task Manager Processes list each consuming a minimum of 50,000K and you’ll feel the chill. Add to that other instances of programs that you have already closed, still sitting in Task Manager as running programs, eating up resources that they should have spit out a few seconds after they were closed. Feel your spine tingling now? Mine did, even with 2GB of RAM on this Intel Centrino vPro.

Googling around gave me two solutions. Disable the CoolIris plugin and unregister buShell.dll which is part of Norton 360’s backup component.

For a few minutes I couldn’t uninstall CoolIris through the Addons window in Firefox. Every click on Disable or Uninstall and Restart Firefox I made ended up with the plugin still there and enabled. I had to go into my Firefox Profile folder and delete the darned folders just to get rid of it.

But after the buShell.dll unregistration and the removal of CoolIris, I must report all is well on this installation. According to my research the same effect is caused by the Skype plugin for Firefox as well so if anyone out there is experiencing the problems stated above, look into both CoolIris and the Skype plugin on your Firefox browser.

Having just signed up with PayPal I have been paying close attention to emails I receive whenever I modify details on my account.

While I was scouring my Gmail Spam folders for emails that may have been inadvertently caught, I found one that should be a great concern to other PayPal users like me. It’s an email message that looks exactly like official correspondence from PayPal, but on closer scrutiny proves to be a phishing scam.

Phishing is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords and the like.

This particular email apparently from PayPal aroused suspicion as soon as I saw it.

• Reason #1: I did not register for PayPal with my gmail account.
• Reason #2: The link URL’s that show on my browser’s status bar tell me that the links embedded in this email are NOT authentic PayPal links, but were made to appear like they are.

(more…)