Free Republic

BEWARE: Another EBAY e-mail scam
Ebay ^ | 9/13/2003 | self

Posted on 09/13/2003 1:51:13 PM PDT by A_Niceguy_in_CA

I just received a bogus e-mail that really looked like it came from ebay. It appeared to come from ebay, by the "from tags" and all the exact use of official-looking ebay "webpages". But upon further digging into the actual e-mail headers, I found it did not come from ebay, but scammers instead. It directs you to an ebay "update page" which asks for all your personal, banking, credit card, SSN, birthdate, place of birth etc.

I've tried to "copy" the headers and message (without the graphics) of this email scam below.

X-Message-Info: JGTYoYF78jEpUwJX+C+q43xIHfPbV2j2
Received: from aibo.runbox.com ([193.71.199.138]) by mc10-f19.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 13 Sep 2003 07:36:39 -0700
Received: from [10.9.9.16] (helo=lassie.runbox.com) by lufsen.runbox.com with esmtp (Exim 4.20) id 19yBVu-0004K1-PN for (ommited)@hotmail.com; Sat, 13 Sep 2003 16:36:38 +0200
Received: from [216.77.45.99] (helo=216.77.45.99) (Authenticated Sender=fadsja@runbox.com) by lassie.runbox.com with asmtp (Exim 4.20) id 19yBVJ-00023A-Q3 for (ommited)@hotmail.com; Sat, 13 Sep 2003 16:36:03 +0200
From: "aw-confirm@eBay.com"
To: "(Ommited)" <(ommited)@hotmail.com>
Subject: eBay Security Request
Date: Sat, 13 Sep 2003 16:35:21 +0200
MIME-Version: 1.0
X-Priority: 0
Reply-To: "aw-confirm@eBay.com"
X-Mailer: Internet Mail Service
Content-Type: multipart/alternative; boundary="----_NextPart_805960273494499"
Message-Id:
X-Sender: 260333
Return-Path: aw-confirm@eBay.com
X-OriginalArrivalTime: 13 Sep 2003 14:36:40.0233 (UTC) FILETIME=[71B01990:01C37A04]

Dear eBay User,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.

As a result, your access to bid or buy on eBay has been restricted.

According to our site policy you will have to confirm that you are the real owner of the eBay account by log in and complete the form that will pop up or else your account will be suspended without the right to register again with eBay.

After you will login please verify your information in order to complete this verification.

Thank you

eBay Customer Support

eBay User ID (fill in box) You can also use your registered email.

eBay Password (fill in box) Forgot your password?

Submit (button)


TOPICS: Announcements; Miscellaneous
KEYWORDS: ebay; ebayscam; emailscam; fraud; internet; scam
From Ebay:

Spoof Emails

Protect yourself from fraudulent (spoof) emails

eBay is working hard to help keep your account safe from hacking and unauthorized intrusions. Some community members have reported receiving deceptive emails claiming to come from eBay, PayPal, or other popular Web sites. These emails are also known as "spoof" or "phishing" emails. The people who send these emails hope that unsuspecting recipients will reply or click on a link contained in the email and then provide sensitive personal information (for example, eBay passwords, social security numbers, or credit card numbers).

We strongly encourage you to be cautious when responding to any email request for sensitive personal information.

Remember, just because an email looks like it's from eBay, doesn't mean it really is. An eBay address in the "From" line of an email (for example, "From: support@ebay.com", "From: billing@ebay.com", "From: eBay Account Maintenance") does not guarantee that the email is from eBay.

You can also take a few simple steps to protect your account and prevent senders of deceptive emails from doing harm:

Be sure you are on an eBay page
Before signing in, check the Web address in your browser. If you click on a link in an email, verify that the web address in your browser is the same as the address shown in the email. The Web address of most eBay sign-in pages begins with http://signin.ebay.com/. Never type your eBay user ID and password into a Web page that doesn't have ".ebay.com" immediately before the first forward slash (/).

Always use a secure server when submitting credit card numbers
Before submitting credit card numbers over the Internet, ensure that you are using a secure server. The beginning of the web address in your browser window should be "https://" and not "http://". For secure server pages, you should also see a "lock" icon at the bottom of the browser.

Do not send sensitive personal information via email
eBay will never ask you to send your account password or other sensitive personal information such as credit card numbers in an email. Some deceptive emails will ask you to enter your password or sensitive personal information directly into a form within the email in an attempt to defraud you - don't do it.

When in doubt, use the eBay Web site
Any doubt that the email really is from eBay? Simply open a new browser window, type www.ebay.com, sign-in, and use the "site map" link to navigate the site. And make sure you sign out when you are finished, especially if you are using a public computer.

Report suspicious email
Help us keep our community safe. If you have any doubt whether an email is from eBay, forward the message to spoof@ebay.com immediately. Don't alter the subject line or forward the message as an attachment - doing so makes it more difficult for us to react quickly.

Contact your bank or credit card company
If you have already replied to a fraudulent email with sensitive personal information or entered data through a fake Web page, contact your bank and/or credit card companies immediately to prevent identity theft. eBay also recommends that you check your Account and My eBay preferences periodically to ensure that no one has tampered with your account.

Educate yourself
eBay's Help system provides detailed information about spoof emails, identity theft, and what to do if your eBay account has been compromised.

1 posted on 09/13/2003 1:51:13 PM PDT by A_Niceguy_in_CA
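The header check described in the post above, as an added example that is not part of the original thread: it walks the Received chain from the posted headers oldest hop first and compares the relays with the domain claimed in From. The function names and the result layout are assumptions made for this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Headers exactly as posted in this thread (recipient already redacted there).
RAW = """\
Received: from aibo.runbox.com ([193.71.199.138]) by mc10-f19.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Sat, 13 Sep 2003 07:36:39 -0700
Received: from [10.9.9.16] (helo=lassie.runbox.com) by lufsen.runbox.com with esmtp (Exim 4.20) id 19yBVu-0004K1-PN for (ommited)@hotmail.com; Sat, 13 Sep 2003 16:36:38 +0200
Received: from [216.77.45.99] (helo=216.77.45.99) (Authenticated Sender=fadsja@runbox.com) by lassie.runbox.com with asmtp (Exim 4.20) id 19yBVJ-00023A-Q3 for (ommited)@hotmail.com; Sat, 13 Sep 2003 16:36:03 +0200
From: "aw-confirm@eBay.com"
Return-Path: aw-confirm@eBay.com
Subject: eBay Security Request
"""

def domain_of(value):
    """Lower-cased domain of the first address-like token, or None."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower() if m else None

def parse_hop(received):
    """Pull the fields one relay recorded in a single Received line."""
    def grab(pattern):
        m = re.search(pattern, received)
        return m.group(1) if m else None
    return {
        "from": grab(r"from\s+(\S+)"),
        "ip": grab(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"),
        "by": grab(r"\bby\s+(\S+)"),
        "auth": grab(r"Authenticated Sender=([^)\s]+)"),
    }

def analyze(raw):
    msg = message_from_string(raw)
    # Each relay prepends its own line, so reverse to get oldest hop first.
    hops = [parse_hop(h) for h in reversed(msg.get_all("Received", []))]
    public = [h["ip"] for h in hops
              if h["ip"] and not ipaddress.ip_address(h["ip"]).is_private]
    claimed = domain_of(msg["From"])
    relays = {h["by"].lower() for h in hops if h["by"]}
    return {
        "hops": hops,
        "origin_ip": public[0] if public else None,  # first public address seen
        "auth_sender": next((h["auth"] for h in hops if h["auth"]), None),
        "claimed_domain": claimed,
        # True when no relay that handled the message is under the From domain.
        "from_mismatch": claimed is None or not any(
            r == claimed or r.endswith("." + claimed) for r in relays),
    }
```

A mismatch is a signal rather than proof, since legitimate senders also use third-party relays, and Received lines below the first server you trust can be forged by the sender.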

To: A_Niceguy_in_CA
Thanks for the heads up.
2 posted on 09/13/2003 1:53:23 PM PDT by Mixer

To: A_Niceguy_in_CA
tnx
3 posted on 09/13/2003 1:58:37 PM PDT by Happy2BMe (LIBERTY has arrived in Iraq - Now we can concentrate on HOLLYWEED!)

To: A_Niceguy_in_CA
There's a similar scam being run spoofing PayPal. They've duplicated the look and feel of PayPal quite well. Big clue though -- it's not a secure site that you end up on.
4 posted on 09/13/2003 1:59:19 PM PDT by Bob (http://www.TomMcClintock.com)

To: A_Niceguy_in_CA
http://www.freerepublic.com/focus/f-news/967638/posts

I remember this one from a while back. I don't know if it's the exact same scam or not (too lazy to read all of it again), but that thread explains how the fake eBay e-mail works.
5 posted on 09/13/2003 2:17:12 PM PDT by Ex-Dem ([A]nti-American [N]ihilistic [S]addam-lovers [W]orking to [E]radicate our [R]epublic)

To: A_Niceguy_in_CA
I've gotten the one from Paypal twice. It came to an email address I hadn't registered with Paypal and asked all that personal stuff that they never ask over email. Reported it twice too.
6 posted on 09/13/2003 2:26:44 PM PDT by DittoJed2 (It is when a people forget God that tyrants forge their chains.- Patrick Henry)

To: A_Niceguy_in_CA
bttt for spoofs@ebay.com. If you do send a fraudulent email (in case it wasn't covered above), Ebay wants you to leave the subject line "intact". Do not add to it & forward it to spoofs@ebay.com.

The old we need to borrow your bank account for 15 million dollar scam is going around again from the UK. And, if you help them take care of their money, eventually you'll get your 5% cut.

If it sounds way too good to be true, forward those to law enforcement. (I know that freepers aren't that stupid to fall for it though).

7 posted on 09/13/2003 2:35:49 PM PDT by freeparoundtheclock (http://www.terrisfight.org/)

To: A_Niceguy_in_CA
I've been getting quite a lot of these lately. I notified Ebay and they wrote back to forward the email to spoof@ebay.com.

Don't EVER give your information in emails like this email is requesting.

8 posted on 09/13/2003 3:11:26 PM PDT by SheLion

To: SheLion
I got one a couple of days ago....when I eventually clicked it, went to "page not found" so I guess the hackers are busted.
9 posted on 09/13/2003 3:26:59 PM PDT by spokeshave (Adjusting tag line again....GO ARNIE....)

To: SheLion
Here is an HTML copy of the email I received. You can enter a real (or bogus) ebayID and a real (or bogus) password and it will take you to a pop-up that'll request all your financial information.

From: "aw-confirm@eBay.com"
To: "(Ommited)" <(ommited)@hotmail.com>
Subject: eBay Security Request
Date: Sat, 13 Sep 2003 16:35:21 +0200


eBay logo Home My eBay Site Map Sign In/Out

Dear eBay User,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.

As a result, your access to bid or buy on eBay has been restricted.

According to our site policy you will have to confirm that you are the real owner of the eBay account by log in and complete the form that will pop up or else your account will be suspended without the right to register again with eBay.

After you will login please verify your information in order to complete this verification.

Thank you

eBay Customer Support

eBay User ID
You can also use your registered email.

eBay Password
Forgot your password?

Having problems signing in? Get help now.

Copyright © 1995-2002 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
TrustE

Sorry, the submit button doesn't appear when I copy the HTML to FR. (perhaps a security feature on FR's server?)....But the "fake" looks real and will lead you to a bogus "official ebay looking page" asking for all your financial information.
10 posted on 09/13/2003 3:36:45 PM PDT by A_Niceguy_in_CA
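eBay's rule quoted in the first post (".ebay.com" immediately before the first forward slash, and "https://" when submitting card numbers), written as a check you can run on a link before signing in. This is an added example, not part of the original thread; the function name is an assumption and the failing sample addresses in the comments are constructed from reserved example names.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED_SUFFIX = ".ebay.com"  # from the eBay advice quoted in post 1

def check_signin_url(url, require_https=False):
    """Return a list of problems; an empty list means the address passes."""
    problems = []
    parts = urlsplit(url)
    # hostname drops any "user@" prefix and ":port" suffix, which is the
    # part that really sits "immediately before the first forward slash".
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https"):
        problems.append("not a web address")
    if require_https and parts.scheme != "https":
        problems.append("not a secure (https) page")
    if parts.username is not None:
        problems.append("text before '@' is not the host")
    try:
        ipaddress.ip_address(host)
        problems.append("raw IP address instead of a name")
    except ValueError:
        pass  # a name, as expected
    # Prefixing a dot lets bare "ebay.com" pass while "fakeebay.com" fails.
    if not ("." + host).endswith(TRUSTED_SUFFIX):
        problems.append("host %r is not under ebay.com" % host)
    return problems

# Constructed samples (192.0.2.10 and example.net are reserved for examples):
#   http://signin.ebay.com/                     passes
#   http://signin.ebay.com@192.0.2.10/update    fails: the real host is the IP
#   http://signin.ebay.com.example.net/update   fails: ebay.com is only a prefix
```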

To: A_Niceguy_in_CA
From the IP address, it looks like the scammer is from Norway. Other than forwarding it to Ebay, there isn't much you can do about it...
11 posted on 09/13/2003 3:57:06 PM PDT by Technogeeb

To: A_Niceguy_in_CA
Thanks and also watch out for those bank e-mails from Nigeria.
12 posted on 09/13/2003 6:45:16 PM PDT by freekitty

To: A_Niceguy_in_CA
Thanks for posting this to make others aware. It's a bunch of BS and I sure hope no one falls for this garbage!
13 posted on 09/14/2003 8:17:20 AM PDT by SheLion (Curiosity killed the cat BUT satisfaction brought HER BACK!)

To: A_Niceguy_in_CA
I've gotten a couple of these from E-bay and PayPal. Funny, as I've never used either service.

I cannot believe, in this day and age, that there are still gullible sheep out there who would e-mail that kind of sensitive info out to anyone who requested it. People must be losing brain cells at an incredible rate.

14 posted on 09/14/2003 8:26:16 AM PDT by Malacoda

To: A_Niceguy_in_CA
Good work... I caught something like this that appeared to be coming from Road Runner, the ISP, a while back. I tracked down the site to a hacked system at the University of Southern GA, and contacted the college systems administrators. They shut down that system in a matter of minutes.

Mark
15 posted on 09/14/2003 8:46:47 AM PDT by MarkL (Get something every day from the four basic food groups: canned, frozen, fast and takeout)

To: Technogeeb
How did you know that it's from Norway? Is there a directory, or a way to look up the string??
Just curious. THX
16 posted on 09/14/2003 3:02:33 PM PDT by Bon mots

To: A_Niceguy_in_CA
I think you should respond with bad information, that way you can waste their time trying to log in on your account.

Spam the spammers.
17 posted on 09/14/2003 7:25:32 PM PDT by staytrue

To: A_Niceguy_in_CA
I've found that it is increasingly difficult to contact ebay. It is all well and good that they have an email address to report these crooks to; why didn't ebay email this to all of their customers? I get a couple of ebay ADS a month, this ranks somewhat more important.
18 posted on 09/14/2003 7:33:31 PM PDT by weegee

To: Bon mots
How did you know that it's from Norway? Is there a directory, or a way to look up the string??

The various IP blocks were mostly allocated by IANA (Internet Assigned Numbers Authority; back before ICANN took over). That particular IP happens to be one "owned" by KPNQwest in Oslo, Norway. There are various ways to find out the relevant information (some whois servers will provide the information, or you can use trace-route utilities, such as tracert on Windows, for example).

19 posted on 09/14/2003 7:40:02 PM PDT by Technogeeb

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson