Posted on 03/06/2010 1:02:42 PM PST by Special Agent Anthony DiNozzo
I am trying to log in to my eBay account, and I am being asked for all sorts of personal information, to include an ATM PIN.
I am going to the correct URL [the browser shows it as living at "ebay.com"], so this isn't "phishing".
Ergo one of the following must be true:
1) Either eBay has been hacked, or
2) I have a very sophisticated virus on my machine which is capable of altering my TCP/IP stack and redirecting my DNS lookups.
Yes it is, for a secure site.
Look at the source code for the page you linked - it sends the browser to ‘www.ebay.com’ with a redirect.
Which is going to make IE look it up again.... and go back to the fake site because of the hijacked DNS.
Note phrasing and spelling.
Authorised
Please enter as more informaation as possible
Fraud or fake imo.
...
So, do you want advice on how to fix this, or are you going to keep ignoring me? :P
Read the page carefully. It has the smell of English as a second language about it. No way this is eBay.
Current eBay pages have copyright notice date 2010, not 2008.
I once had what appeared to be an email from my bank, but when I looked closer at the IP address, it didn’t seem right. Turned out the email originated in Zimbabwe.
Copy URL and send it to phish@ebay.com
That is pretty weird. The “s” after http is for “secure” which is normal once two computers have exchanged certificate information, meaning the session is encrypted. Below is part of the URL I get when I prepare to login to eBay.
https://signin.ebay.com/ws/eBayISAPI.dll?
Looks to me like somebody has hijacked the eBay domain in a server somewhere. I’m no expert in this area by any means but somebody is spoofing the eBay login page. Works from my connection.
The hijack isn’t in a server, it’s on his own machine.
No, you’ve got a browser hack. Just use HijackThis. http://free.antivirus.com/hijackthis/
It won’t show up that way unless you have one of the older and clumsier virii. Isn’t Windows/IE fun? :P
Thanx. I guess by the time I posted my bit another 50 people had pointed out the same thing.
Slow connection blues.
Good point, and the first sentence is a dead giveaway as the sentence structure is not what anyone on these shores would use to explain the new security system. In fact the whole upper explanation which I didn’t read until I saw your post, reads screwy. The word Fraudsters is unlikely to be used in professional correspondence.
The dead giveaway is the next sentence, “Please enter as more information as possible to provide your complete identification”... Written by someone who does not have a command of the English language, except from a foreign perspective.
That’s possible, too. Usually, though, they don’t just settle for browser ‘jacks these days.
I would suggest getting Malwarebytes (free) from Download.com, rebooting into safe mode (with networking) and then installing/updating/running MB.
HJT is nice for diagnosis but it doesn’t actually remove anything.
DiNozzo, does somebody get to smack you on the back of the head now ;)
Check with and listen to the couple of people who offered to help you fix this.