my profile |
register |
faq |
search upload photo | donate | calendar |
09-07-2004, 01:06 PM | #1 |
User
Join Date: Jun 2002
Location: Utah, in the land of the Sleeping Rainbow
Posts: 1,457
Thanks: 0
Thanked 1 Time in 1 Post
|
WARNING--- EBAY SPOOF
This morning I recieved an email allegedly from Ebay essentially telling me that some of my account information cannot be verified and I need to go to the link provided to update it or within 5 days my account will be restricted. I clicked the link and was taken to what appeared to be a legitimate Ebay site where I was supposed to enter my name and password to continue, well no way. I reported it to Ebay and shortly recieved the following, if you recieve the same email do not reply to the request.
Thank you for writing to eBay regarding the email you received. Emails such as this, commonly referred to as "spoof" or "phished" messages, are sent in an attempt to collect sensitive personal or financial information from the recipients. The email you reported was not sent by eBay. We have reported this email to the appropriate authorities. In the future, be very cautious of any email that asks you to submit information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security Numbers in an email. If you ever need to provide sensitive information to us, please open a new Web browser, type www.ebay.com into your browser address field, and click on the "site map" link located at the top the page to access the eBay page you need. If you have any doubt about whether an email message is from eBay, please forward it immediately to [email protected]. Do not respond to it or click any of the links. Do not remove the original subject line or change the email in any way when you forward it to us. If you have already entered sensitive financial information or your password into a Web site based on a request from a spoofed email, you should take immediate action to protect your identity and all of your online accounts. We have developed an eBay Help page with valuable information regarding the steps you should take to protect yourself. http://pages.ebay.com/help/confidenc...reporting.html To review eBay's new tutorial about Spoof Emails, please see the following Web page: http://pages.ebay.com/education/spooftutorial/ Once again, thank you for alerting us to the spoof email you received. Your efforts help us ensure that eBay remains a safe and vibrant online marketplace. Regards, Ian eBay SafeHarbor Investigations Team ______________________________ eBay Your Personal Trading Community (tm) *******************************************
__________________
Utah, where gun control means a steady trigger pull |
09-07-2004, 02:08 PM | #2 |
Lifer
Lifetime Forum Patron Join Date: Jun 2002
Location: The Capital of the Free World
Posts: 10,154
Thanks: 3,003
Thanked 2,306 Times in 1,097 Posts
|
Let me add my caution to the membership. Being in the computer security industry I can second this warning...
I get about two of these "phishing" emails a week... and I forward every one to either ebay (or paypal) as appropriate... Both of these organizations have very active anti-fraud organizations who pursue these bandits... give them all the help you can... and NEVER fill out a personal information request, especially a request for userID and password, or credit card numbers because of an email you receive... Even if the return email address looks legitimate, it can be spoofed. The return email address for the one I got this morning was: [email protected] but the email specifically asked that no reply be sent to them... this is a red flag... they only want you to click on the link to the bogus screen where they will attempt to capture your personal account information... Any organization with whom you do business using a userID and password and even a credit card will have that information on file and they don't need you to supply it. Another method used for Phishing is scam telephone calls with the same message... "please give me your account information so that we can verify or unlock your account..." Ask these scam artists for their phone number so you can call them right back because you are busy and they will generally hang up on you, or give you a bogus number. If you ever think you have been victimized by one of these scams IMMEDIATELY contact the organization directly through their website... don't use any supplied "links" that are in the email. Change your password, and notify your financial institution... Better safe than sorry. be ever vigilant to protect your identity and your finances... regards, John
__________________
regards, -John S "...We hold these truths to be self-evident that ALL men are created EQUAL and are endowed by their Creator with certain UNALIENABLE rights, and among these are life, LIBERTY, and the pursuit of happiness..." |
09-08-2004, 01:39 AM | #3 |
User
Join Date: Oct 2003
Location: PA
Posts: 132
Thanks: 0
Thanked 0 Times in 0 Posts
|
Part of the problem is Internet Explorer/Outlook. It allows the email to show what appears to be a legit url, when in fact, it is not.
I use Linux and I can see the spoofed url (you can do the same by using "view message source" in Outlook. I then do a whois (www.samspade.org) of the address and contact the admin of the hosting domain. More often then not the site that is hosting the ebay/paypal "validation page" has been hacked into and the admin is unaware.
__________________
Carpe Diem, Parabellum |
09-08-2004, 10:53 AM | #4 |
Lifer
Lifetime Forum Patron Join Date: Jan 2004
Location: Georgia
Posts: 387
Thanks: 0
Thanked 40 Times in 29 Posts
|
For those of you who may receive a "phishing" edition email asking you to divulge information to correct or update an eBay or PayPal account by clicking on a link provided by email, here are the addresses to forward that email to for investigation:
[email protected] [email protected] A forward to the spoof at ebay address will prompt an immediate, automated return. It will be followed a bit later by the return that Herb has kindly offered in the start of this thread. My own experience has been three, perhaps four, "phishing" emails over the past year seeking either my eBay or PayPal account information. I have to admit that, in the first instance, I very nearly proceeded to provide eBay account information, but hesistated due to some inner bell long enough to check with eBay and take the correct path. There there is the persistent arrival, even two days ago, of emails from poor folks in Nigeria unable to get to their stranded $230,000,000 ............... Technology provides the most wonderful opporunities for those who troll long enough and deep enough. If a bated line is in the water sooner or later something will bite. Be aware, alert and cautious! Kindly, David |
09-08-2004, 01:48 PM | #5 |
User
Join Date: Jun 2002
Location: Utah, in the land of the Sleeping Rainbow
Posts: 1,457
Thanks: 0
Thanked 1 Time in 1 Post
|
Dean, I don't know about IE/Outlook problems, I wouldn't go near either of them with a mad skunk in my pocket, much too insecure. I use only Netscape as the brouser and mail client. I open my mail with SpamBuster which not only shows the address the mail came from but the real name of the sender, or at least the name the sender uses, in this case it was Everett<[email protected]. I have gotten similar ones from PayPal also and I just ignored and deleted them.
__________________
Utah, where gun control means a steady trigger pull |
09-08-2004, 02:45 PM | #6 |
User
Join Date: Jun 2002
Location: Utah, in the land of the Sleeping Rainbow
Posts: 1,457
Thanks: 0
Thanked 1 Time in 1 Post
|
Here's what the original message looked like, go ahead and click on the links, sure look legit don't they? The disturbing thing to me was that I use the 'memory' login feature on my computer and the darn thing entered my username and password automatically, it didn't recognize the site as a fake.
spacer Update Your Credit / Debit Card On Your eBay File spacer spacer Dear eBay member , During our regular and verification of the accounts we couldn't verify your current information, either your information Has changed or it is incomplete . if the account is not updated to current information within 5 days then , your access to Buy or Sell on eBay will be restricted Go to the link below to Update your account information : http://signin.ebay.com/aw-cgi/eBayIS...ame=h:h:sin:US please dont reply to this email as you will not receive a response Thank You for using eBay! http://www.eBay.com ________________________________________________________________________ _________________________________ As outlined in our user agreement , eBay will periodically send you information about site changes and enhancements, vist our Privacy Policy and User Agreement if you have any questions . Copyright �© 1995-2004 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners.
__________________
Utah, where gun control means a steady trigger pull |
09-10-2004, 08:33 PM | #7 |
User
Join Date: Sep 2004
Location: CANADA
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
|
It seems like there is always either an ebay or a Paypal scam lurking about! Thanks for the heads up guys!
Regards, Sean |
|
|