Skip to comments.
BOGUS Ebay email scam warning
email
| self
Posted on 08/20/2003 7:25:41 PM PDT by supercat
I just received the following email. Pay particular attention to the part in red. I do not doubt that the text and visible formatting are copied precisely from a legitimate ebay message, but the highlighted link is almost certainly bogus--probably a data-capturing middleman.
I know this sort of scam is hardly new, but it is circulating again. Beware of it.
TOPICS: Crime/Corruption; Miscellaneous; Your Opinion/Questions
KEYWORDS: ebayscamemailweb; scam
Navigation: use the links below to view more comments.
first 1-20, 21-37 next last
Received: from SMTP32-FWD by mail.[deleted].com
(SMTP32) id A0948CE50; Wed, 20 Aug 2003 20:52:04 -0400
Received: from 168.144.21.148 [213.212.201.140] by mail.[deleted].com
(SMTPD32-8.01) id A7AE1DB0164; Wed, 20 Aug 2003 20:51:58 -0400
Received: from [145.181.24.230] by 168.144.21.148 SMTP id K7m0l26N05Ju9X; Thu, 21 Aug 2003 07:50:54 +0300
Message-ID: <4--b9-5546x--$m-8@smu5vrb.i.h2v>
From: "service@ebay.com" <service@ebay.com>
Reply-To: "service@ebay.com" <service@ebay.com>
To: <ebay@casperkitty.com>
Subject: Update Account Information
Date: Thu, 21 Aug 03 07:50:54 GMT
X-Mailer: Microsoft Outlook, Build 10.0.2616
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="..3E187B50_"
X-Priority: 3
X-MSMail-Priority: Normal
Status: R
X-UIDL: 358547561
--..3E187B50_
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
<img src=3D"http://pics.ebay.com/aw/pics/homepage/v2/logo_171x102.gif">
<P>Recently we attempted to authorize payment from your credit
card we have on file for you, but it was declined.
<p>For security purposes, our system automatically removes credit card inf=
ormation from an account when there is a problem or the card expir=
es.
<br>Please resubmit the credit card, and provide us with new and complete =
information. To resubmit credit card information via our secure se=
rver, click the following link:
<a href=3D"http://cgi3.ebay.com:aw-cgieBayISAPI.dllSignInRegisterEnterInfo=
&siteid=3D0co_partnerid=3D2@207.150.192.12/temp/zebaysec/SignIn.php">http:=
//cgi3.ebay.com/aw-cgi/eBayISAPI.dll?SignIn</a>
<P>This is the quickest and easiest method of getting credit card informat=
ion to us. Using the secure server will ensure that the credit card =
will be placed on account within 24 hours.
<P><I>Copyright 1995-2003 Ebay Inc.
All Rights Reserved. Designated trademarks and brands are the pro=
perty of their respective =20
--..3E187B50_--
1
posted on
08/20/2003 7:25:42 PM PDT
by
supercat
To: supercat
Got a very similar scam from "paypal" and reported it. Got hit last night for a "citibank checking account" that I don't have.
2
posted on
08/20/2003 7:31:26 PM PDT
by
50sDad
("There are FOUR LIGHTS! FOUR LIGHTS!")
To: 50sDad
Paypal is ebay. Ebay bought them over a year ago.
I got this one to fro paypal, I had cancelled my paypal account months ago.
To: supercat
In a URL like that, anything before the '@' is ignored. You're going straight to
"207.150.192.12/temp/zebaysec/SignIn.php"
And, as we all know, eBay uses J2EE, not PHP.
To: supercat
If you click on the senders of these spams you can bring up the sender and find out very fast that the mail is not from ebay. I also got same spam concerning bidpay and paypal. Please file a report with ebay,paypal or whoever the email concerns so they can attempt to catch the people doing this. Also check your accounts often. A buddy of mine fell for this and got a bill from Bank One credit card for $5800. He does not have a Bank One credit card.Could this be terrorist? or Al Gore scam.
5
posted on
08/20/2003 7:35:26 PM PDT
by
dalebert
To: supercat
You're exactly right. This link does not go to Ebay. If you look closely at the part you highlighted in red, you'll see this:
@207.150.192.12
Most people don't know this, but your web browser will ignore anything in a URL address that comes before the @ symbol. This means the whole string in front of the @ symbol in this address link (http://cgi3.ebay.com:aw-cgieBayISAPI.dllSignInRegisterEnterInfo= &siteid=3D0co_partnerid=3D2) is being ignored. It's there to appear as if the link goes to ebay.com.
In actuality, it's going to the IP address 207.150.192.12, which could be just about any sleazy thief who's set up a server and is trying to steal your credit card number or Ebay login.
Thanks for being vigilant and warning others. The best way to combat this kind of fraud is for people to be instintively skeptical about emails like this.
6
posted on
08/20/2003 7:38:31 PM PDT
by
tdadams
To: 50sDad
Got the same and so did my sister.
BTW...My ZoneAlarm is going crazy tonight with a ping about every 8 seconds, all from random sources. Anybody else noticing this? (maybe I need to lay off the "patriot act" threads... ) ;)
7
posted on
08/20/2003 7:39:28 PM PDT
by
Brian S
To: supercat
8
posted on
08/20/2003 7:40:25 PM PDT
by
tdadams
To: tdadams
I did a back-trace on this address and it is registered to the following:
Address: 207.150.192.12
OrgName: Affinity Internet, Inc
OrgID: AFFI
Address: 101 Continental 4th Floor
City: El Segundo
StateProv: CA
PostalCode: 90245
Country: US
I would suggest sending this to Ebay and have them investigate this company. They should be able to pinpoint who is using this IP address.
9
posted on
08/20/2003 7:46:39 PM PDT
by
rs79bm
(There's a RINO missing from the California zoo, and goes by the first name of ARNOLD.)
To: Brian S
Do you know if ZoneAlarm gives a kind of loud beep if it detects an intrusion attempt? I'm running three firewalls, so I can never tell which one is giving off an alert.
As for tonight, no haven't noticed anything unusual other than a false alarm when I was using FTP.
10
posted on
08/20/2003 7:47:23 PM PDT
by
Ex-Dem
(Sic Semper Tyrannis)
Comment #11 Removed by Moderator
To: Brian S
My ZoneAlarm is going crazy tonight Same here in Florida, but after three years on DSL, it's become fairly routine -- it looks like quite a few of the computers hooked to my ISP are infected with a worm. I ordered a replacement DSL modem last week, and my UPS delivery man told me he's been delivering about a 20 a day in my area alone. I wonder how many of those new subscribers are without a firewall, and don't even realize they're infected?
To: Ex-Dem
I know of no audible alert on the free version of zone alarm I'm running. There is a popup window alert you can activate everytime it blocks an intrusion though. It gets annoying however.
I keep hearing my hard drive write to disk every few seconds (I do keep the ZA logfile active) which is the reason I noticed all the pings.
13
posted on
08/20/2003 7:58:37 PM PDT
by
Brian S
To: Brian S
Running Zone Alarm Pro and Norton Antivirus on an XP machine. So far so good, no viruses *knock on wood* but getting pinged pretty close to the rate you stated.
14
posted on
08/20/2003 8:02:37 PM PDT
by
Severa
(Wife of Freeper Hostel, USN STS3(SS))
To: 50sDad
There's been a rash of these types of bogus e-mails trying to get people to submit all of their info, everything they need to drain their checking accounts.
I always forward these types of E-mails to my ISP, everyone should do that so maybe they could locate them and help to get them prosecuted.
I wish they'd find these scammers and hang them.
15
posted on
08/20/2003 8:04:16 PM PDT
by
Bullish
(GO TOM GO!!!)
To: browardchad
I just got Zone Alarm about two weeks ago, I've got a cable modem connection, here in VA Beach Navy housing. Talk about timing huh? :)
16
posted on
08/20/2003 8:09:52 PM PDT
by
Severa
(Wife of Freeper Hostel, USN STS3(SS))
To: browardchad
I just got Zone Alarm about two weeks ago, I've got a cable modem connection, here in VA Beach Navy housing. Talk about timing huh? :)
17
posted on
08/20/2003 8:09:52 PM PDT
by
Severa
(Wife of Freeper Hostel, USN STS3(SS))
To: browardchad
I just got Zone Alarm about two weeks ago, I've got a cable modem connection, here in VA Beach Navy housing. Talk about timing huh? :)
18
posted on
08/20/2003 8:09:53 PM PDT
by
Severa
(Wife of Freeper Hostel, USN STS3(SS))
To: supercat
I get them all the time and also from paypal,just go to your account and it will show the truth.
19
posted on
08/20/2003 8:09:55 PM PDT
by
fatima
(Jim,Karen,We are so proud of you.Thank you for all you do for our country.4th ID)
To: browardchad
I'm in VA Beach. Navy base housing. Installed Zone Alarm just a few weeks ago. Talk about timing huh? :)
20
posted on
08/20/2003 8:10:52 PM PDT
by
Severa
(Wife of Freeper Hostel, USN STS3(SS))
Navigation: use the links below to view more comments.
first 1-20, 21-37 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson