[AZ_Drummer]

Since we were on the topic of Ebay fraud on another thread...

I just got this in my email...it was titled "Ebay Security Request".






Dear eBay User,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.

As a result, your access to bid or buy on eBay has been restricted.

According to our site policy you will have to confirm that you are the real owner of the eBay account by log in and complete the form that will pop up or else your account will be suspended without the right to register again with eBay.

After you will login please verify your information in order to complete this verification.

Thank you

eBay Customer Support




eBay User ID
You can also use your registered email.



eBay Password
Forgot your password?




Having problems signing in? Get help now.










--------------------------------------------------------------------------------


Announcements | Register | SafeHarbor (Rules & Safety) | Feedback Forum | About eBay

Copyright © 1995-2002 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.



The original email is in HTML, so some things are missing. There was a section to enter your User ID and Password.

Doesn't look legit to me, especially if you view the source code. I forwarded to Ebay fraud department.
But I'll bet there are plenty of folks who dutifully logged in and are now the proud owners of hijacked accounts.

Ifyou want to minimize fraud online, a little common sense will go a long way.

Hey, anyone want my credit card numbers

 

[AZ_Drummer]

I just got an email back from Ebay saying that this email is in fact a fraud. Who woulda thunk it?

BTW, if you get any suspicious ebay emails you can report them to [email protected]

Do your part to keep the internet a kindler, gentler place.

 

[malebiker1]

Dont reply to it. Ebay sent out a rael email a few months back about this stating that they would never ask for any security items.

Just send a copy of it to EBAY and they can find out who sent it out.

and if it is legit they will let you know.

Mike

 

[spacemeat]

thats exactly what they do. if you think you wont be dumb enough to click a link that isnt ebay.com, they are extremely well disguised. they look something like this:

https://secure.ebay.com/sessionid=2hyf54f67oly3g7j7:[email protected]/
(dont click or paste this, its a loopback IP) notice the @ - everything before it in a URL is a login and password so anything can appear there, even ebay.com

AZ_Drummer: is your ebay usedID your email address?

 

[AZ_Drummer]

AZ_Drummer: is your ebay usedID your email address?

No, it's not.

What are you telling us about that link? Don't know what you mean.

Are you saying that if you click on any link in the aforementioned email that the spammer can locate your user Id and password?

 

[spacemeat]

What are you telling us about that link? Don't know what you mean.

Are you saying that if you click on any link in the aforementioned email that the spammer can locate your user Id and password?

im saying its harder to identify a fake link in an email. when someone reads 'click here' and the link starts with ebay.com it looks legitimate. most people don't understand that there are ways to disguise a false link so convincingly

the syntax works like this:
http://username[email protected]/

if sam wanted to disguise this site as dodge.com he can create a user account called 'www.dodge.com/websession' and give it the password 'newproducts' and the link will look like this:
http://www.dodge.com/websession:[email protected] (do not click)

now all a scammer has to do is make usernames and passwords so long with random characters that it looks like a typical secure login with session variables. when someone opens the page and thinks its really ebay (even experienced pc users), they will fill out any information asked for
if theres an @ sign in the URL, its usually bogus

 

[AZ_Drummer]

Ah yes! I see the light now! Very tricky stuff.

Of course, I would wonder why you know so much about false URL addresses...

Seriously....thanks for the info. I'll watch for that in the future.

 

[spacemeat]

Of course, I would wonder why you know so much about false URL addresses...

no, my hacking days have been over since napster came out

i used to think ebay scams used links like eebay.com or ebay.somethingelse.com or ebay.ru
then i read a thread like this where someone knew they had a bogus email but the link wasnt such an obvious giveaway

ive been on ebay for about 4 years and havent received a scam email like that. thats why i asked if your username was your email. i thought that might be how they found email addresses to send to

 

[maverick148]

I have got a few of them,sent them all to Ebay,and they were all scams.
Remember the golden rule,when in doubt,don't click!

 

[TaZMaNiaK]

If you remember a few years back, there was a group pulling a similar scam with PayPal. They sent out emails to PayPal users to "re-verify" their accounts due to a server malfunction, and they were asked to click on a link... It was something like https://www.paypaI.com/secure/reverify/sdfg/whatever.php.. Looks legit, right? no @ or : ? (Now that I look at it posted it is obvious because of the font that the board uses, but the email was sent in regular MS Sans Serif, in which the I looks like an l) Well, when you click it, it brought you to an official looking PayPal page which looked authentic right down to the PayPal logo and secure padlock on the browser... On this page it asked you for your email, password, credit card #, and bank acct #, and thousands of people filled them out, not thinking anything of it. The trick? The link was to paypai.com... The capital I in the link looks like a lowercase L. By the time the trick was found out, millions of dollars had been taken from the accounts, and the domain had been registered from offshore, so I don't think they ever got caught. Maybe they struck again!

Matt {peace}

 

[Dodgeman]

speeking of,, I just got this:

Your bank has contacted us regarding some attempts of charges from your credit card via the eBay system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your eBay account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

To confirm your identity with us click here:
https://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US

After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

Respectfully,
Trust and Safety Department
eBay Inc.
http://www.ebay.com/

--------------------------------------------------------------------------------
This eBay notice was sent to you based on your eBay account preferences. If you would like to review your notification preferences for other types of communications, click here. If you would like to receive this email in text only, click here.

As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions.

Copyright © 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.

eBay and the eBay logo are trademarks of eBay Inc.

My bank has not even contacted me, why would they contact ebay first? dumbass scammers

 

[demonpitbull]

You know something? I recieve these in my yahoo email inbox every week. Both paypal and ebay. But guess what, I dont have anything on ebay or on paypal that are linked to my yahoo email account. It is through my ISP email that i have ebay and paypal stuff. I just delete them and forget about it. I was sending them to ebay but I kept getting them so i just ignore them now.

Dan

 

[SouthernMudSlinger]

I got one of those emails wanting you to verify the information in your account the other day. They tell you to click the link and log in. Well, the paypal login page (the real one) is a secure page, and the fake login didn't have a lock on the status bar at the bottom of the computer, so it wasn't secure, therefor it was fake.