Skip to comments.BEWARE: Another EBAY e-mail scam
Posted on 09/13/2003 1:51:13 PM PDT by A_Niceguy_in_CA
I just received a bogus e-mail that really looked like it came from ebay. It appeared to come from ebay. by the "from tags" and all the exact use of official looking ebay "webpages". But upon further digging into the actual e-mail headers, I found it did not come from ebay, but scammers instead. It directs you to a ebay "update page" which asks for all your personal, banking, credit card, ssn. birthdate, place of birth etc.
I've tried to "copy" the headers and message (without the graphics) of this email scam below.
Received: from aibo.runbox.com ([188.8.131.52]) by mc10-f19.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 13 Sep 2003 07:36:39 -0700
Received: from [10.9.9.16] (helo=lassie.runbox.com) by lufsen.runbox.com with esmtp (Exim 4.20) id 19yBVu-0004K1-PN for (ommited)@hotmail.com; Sat, 13 Sep 2003 16:36:38 +0200
Received: from [184.108.40.206] (helo=220.127.116.11) (Authenticated Senderemail@example.com) by lassie.runbox.com with asmtp (Exim 4.20) id 19yBVJ-00023A-Q3 for (ommited)@hotmail.com; Sat, 13 Sep 2003 16:36:03 +0200
To: "(Ommited)" <(ommited)@hotmail.com> Subject: eBay Security Request
Date: Sat, 13 Sep 2003 16:35:21 +0200
X-Mailer: Internet Mail Service
Content-Type: multipart/alternative; boundary="----_NextPart_805960273494499"
X-OriginalArrivalTime: 13 Sep 2003 14:36:40.0233 (UTC)
Dear eBay User,
During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.
As a result, your access to bid or buy on eBay has been restricted.
According to our site policy you will have to confirm that you are the real owner of the eBay account by log in and complete the form that will pop up or else your account will be suspended without the right to register again with eBay.
After you will login please verify your information in order to complete this verification.
eBay Customer Support
eBay User ID (fill in box)) You can also use your registered email.
eBay Password (fill in box) Forgot your password?
Protect yourself from fraudulent (spoof) emails eBay is working hard to help keep your account safe from hacking and unauthorized intrusions. Some community members have reported receiving deceptive emails claiming to come from eBay, PayPal, or other popular Web sites. These emails are also known as "spoof" or "phishing" emails. The people who send these emails hope that unsuspecting recipients will reply or click on a link contained in the email and then provide sensitive personal information (for example, eBay passwords, social security numbers, or credit card numbers).
We strongly encourage you to be cautious when responding to any email request for sensitive personal information.
Remember, just because an email looks like it's from eBay, doesn't mean it really is. An eBay address in the "From" line of an email (for example, "From: firstname.lastname@example.org", "From: email@example.com", "From: eBay Account Maintenance") does not guarantee that the email is from eBay.
You can also take a few simple steps to protect your account and prevent senders of deceptive emails from doing harm:
Be sure you are on an eBay page Before signing in, check the Web address in your browser. If you click on a link in an email, verify that the web address in your browser is the same as the address shown in the email. The Web address of most eBay sign-in pages begins with http://signin.ebay.com/. Never type your eBay user ID and password into a Web page that doesn't have ".ebay.com" immediately before the first forward slash (/).
Always use a secure server when submitting credit card numbers Before submitting credit card numbers over the Internet, ensure that you are using a secure server. The beginning of the web address in your browser window should be "https://" and not "http://". For secure server pages, you should also see a "lock" icon at the bottom of the browser.
Do not send sensitive personal information via email eBay will never ask you to send your account password or other sensitive personal information such as credit card numbers in an email. Some deceptive emails will ask you to enter your password or sensitive personal information directly into a form within the email in an attempt to defraud you - don't do it.
When in doubt, use the eBay Web site Any doubt that the email really is from eBay? Simply open a new browser window, type www.ebay.com, sign-in, and use the "site map" link to navigate the site. And make sure you sign out when you are finished, especially if you are using a public computer.
Report suspicious email Help us keep our community safe. If you have any doubt whether an email is from eBay, forward the message to firstname.lastname@example.org immediately. Don't alter the subject line or forward the message as an attachment - doing so makes it more difficult for us to react quickly.
Contact your bank or credit card company If you have already replied to a fraudulent email with sensitive personal information or entered data through a fake Web page, contact your bank and/or credit card companies immediately to prevent identity theft. eBay also recommends that you check your Account and My eBay preferences periodically to ensure that no one has tampered with your account.
Educate yourself eBay's Help system provides detailed information about spoof emails, identity theft, and what to do if your eBay account has been compromised.
The old we need to borrow your bank account for 15 million dollar scam is going around again from the UK. And, if you help them take care of their money, eventually you'll get your 5% cut.
If it sounds way too good to be true, forward those to law enforcement. (I know that freepers aren't that stupid to fall for it though).
Don't EVER give your information in emails like this email is requesting.
From: "aw-confirm@eBay.com" To: "(Ommited)" <(ommited)@hotmail.com> Subject: eBay Security Request Date: Sat, 13 Sep 2003 16:35:21 +0200
|Copyright © 1995-2002 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
I cannot believe, in this day and age, that there are still gullible sheep out there who would e-mail that kind of sensitive info out to anyone who requested it. People must be losing brain cells at an incredible rate.
The various IP blocks were mostly allocated by IANA (Internet assigned number authority; back before ICANN took over). That particular IP happens to be one "owned" by KPNQwest in Oslo, Norway. There are various ways to find out the relevant information (some whois servers will provide the information, or you can use trace-route utilities, such as tracert on Windows, for example).
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.