Weblog entry #119 for simonw
EBay phish took me to EBay!
Posted by simonw on Thu 14 Dec 2006 at 22:30
I got an email today saying my credit card was expiring at EBay. Before I delete these, I check where the link goes to see if anyone interesting has had their website owned for the hosting, and this one linked to EBay!
Stunned, I looked further, thinking there was some new trick, but it seems they meant me to go to the Geocities link in the email source, which would redirect me to EBay. Seems that Icedove stopped me clicking the wrong link (I'm guessing users of some other well-known mail clients weren't so lucky, or the phisher messed up).
Looking at the Geocities page, they are redirecting the browser to a genuine EBay page, whilst launching some JavaScript which sleeps for a bit, and then tries to lift information from various cookies (which I don't have, fortunately). So in this case the padlock on the EBay site, and the fact that there is a good https link to EBay, won't protect you from existing browser flaws.
I think I read about this browser flaw, but I feel somehow unclean having it attempting to execute on my own machine, even though I'm pretty sure my EBay account is still safe. I may go with JavaScript on trusted sites only, something the Microsoft security team have long recommended for IE users.
I couldn't persuade the phishing page to trigger any of Iceweasel's new security features despite my best efforts.
Another reminder to be very careful when poking around with phishing sites.