Jump to content

spoof ebay email

Guest LilBambi

By Guest LilBambi
in Security & Networking

 Share

Recommended Posts

Guest LilBambi

Guest LilBambi

Posted
Posted

Be careful! Just received an email saying it was from ebay! It was not!Subject: Verify and update your eBay informationClaims to be from ebay support with an email address of: confirm-aw@ebay.comFirst, this email came to one of my email addresses that does NOT have an ebay account and never has.Second, thankfully I do not view HTML emails. So all the javascripts were never run.Third, I went to ebay's site and their Security section and they said if you have received an email that you suspect to be a spoof email, to send it to: spoof@ebay.com and they first sent a message saying they would look at it immediately. Within a few minutes they emailed again with a tracking number and the following information:

Hello,Thank you for contacting eBay's Trust and Safety Department about email solicitations that are falsely made to appear to have come from eBay. These emails, commonly referred to as "spoof" messages, are sent in an attempt to collect sensitive personal information from recipients who reply to the message or click on a link to a Web page requesting this information.  The email you reported did not originate from, nor is it endorsed by, eBay. We are very concerned about this problem and are working diligently to address the situation. We have investigated the source of this email and have taken appropriate action. You may rest assured that your account standing has not changed and that your listings have not been affected.  We advise you to be very cautious of email messages that ask you to submit information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email itself. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top the page to access the eBay page you need.If you have any doubt about whether an email message is from eBay, please forward it immediately to spoof@ebay.com and do not respond to itor click on any of the links in the email message. Please do not change the subject line or forward the email as an attachment.If you entered personal information such as your password, social security number or credit card numbers into a Website based on a requestfrom a spoofed email, you need to take immediate action to protect your identity. We have developed an eBay Help page with valuable information regarding the steps you should take to protect yourself.To get to the "Protecting Your Identity" Help page from the eBay site, please click on the "help" link located at the top of most eBay pages and select the following topics when the "eBay Help Center" window appears: Safe Trading > If Something Goes Wrong > Identity TheftWe encourage you to review additional information about protecting your identity found in the eBay Help system. Please click on the "help" link located at the top of most eBay pages and select the following topics when the "eBay Help Center" window appears: Safe Trading > If Something Goes Wrong& > Account Theft > Account Protection Once again, thank you for alerting us to the spoof email you received. Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.Regards, IaneBay SafeHarborInvestigations Team______________________________eBayYour Personal Trading Community ™
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Nathan,Not that I could see unless it was hidden in the .js script files.By the way, there were NINE javascripts within this email. Two of which referred to external .js scripts.

Link to comment
Share on other sites
Jeber

Jeber

Posted
Posted
eBay SafeHarborInvestigations Team
Cool...I want to work for them. I bet they're armed, or at least carry books about guns in a holster on their belt. :) "Howdy mam...I'm Jeber...eBay Investigations Team. People who have reported problems like yours also report problems with..." ;)
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Jeber? What no comment on eBay's spoof reporting email address? :) spoof@ebay.comIt's legit! Got it from their site when I typed in www.ebay.com and clicked on Help, Security. ;)

Link to comment
Share on other sites
Jeber

Jeber

Posted
Posted

Sorry, mam...only one stupid comment per thread unless it's in the Cooler. Have to have some rules, don't we? B) Maybe, "Officer Jeber..." ooo, even better... <_<

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

LOL!Well, at least with Thunderbird and only viewing emails in text format or source code, I didn't have to worry about all those javascripts running. <_>

Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted
LOL!Well, at least with Thunderbird and only viewing emails in text format or source code, I didn't have to worry about all those javascripts running.  <_<
I have taken a peek at times using Mailwasher. It also plays safe, displaying text only. It also gives you a bit of info as to the 'hijack' url's the various links and graphics links point to, which of course are clearly on the face of it not Ebay domains. The crooks also obfuscate URL's with non-text versions of url's to fool the unwary. I guess I have always been good at spotting spoof emails and emails with unwanted 'passengers' still sitting on my ISP server and zapping them right there. I think only one email with questionable attachment ever made it as far as my email client, and Norton promptly threw it in jail anyway. That particular email has been sitting on the HD of my P II 333MHz for like 2-3-4 years now, not bothering anyone but not 'get-atable', either. Of course, I have never used Outlook or OE, and stopped using IE years ago when it used to be my secondary browser after Netscape. B) The javascript exploits do worry me a bit, but I'm pretty good about using text-only email clients. I'm far more worried on the website side, as I do use mostly javascript-enabled browsers. I try to be a careful surfer, avoid the marginal-sounding stuff. Back when I used to bother and was getting at all excited about receiving the Ebay spoof emails, I sent one specimen along to Ebay Investigations or whatever, and to the best of my recollection, the reply email copied above from Ebay recently is identical to one they sent me like 2 years ago. (Is that a good thing or a bad thing?) I think they are virtually powerless against this onslought. Nothing has changed. Probably mostly originates in Russia. Those stupid enough to get caught up in this now old scam are getting nailed just as bad as folks were 2 years ago. One of the sad conclusions I reached was that in a few areas, this being one of several, Ebay was either powerless to do anything about certain stuff, or in other cases, was being a bit lax in enforcing infractions on the seller side, their being a big part of their profit centers. I'm not criticizing Ebay overall, as they actually do a pretty good job and it has become a great venue for a lot of folks including many sellers, a goodly number of buyers, Ebay management, and Ebay stockholders. It's still the golden goose, in many ways, but slower newbies still get cut out of the herd sometimes by the timber wolves who abound around such 'honeypots'. B)
Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted
Come on, Cluttermagnet.  You've been typing too long.  Post already!  <_< Just kiddin' ya.  :)
Hah! I should log on as Anonymous. B) You are onto all my tricks, Jeebs. B)
Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted
eBay SafeHarborInvestigations Team
Cool...I want to work for them. I bet they're armed, or at least carry books about guns in a holster on their belt. B) "Howdy mam...I'm Jeber...eBay Investigations Team. People who have reported problems like yours also report problems with..." <_<
Best laugh of the week! :lol:Oh, Officer Jeber- I want to report another questionable Ebay email. Hey, what is that thing in the holster? Is that the latest plasma ray weapon? It sorta looks like a book about engine tuneup timing lights, though. That's a very nice simulated leatherette binding- hey, why is that little red light blinking? Are you from the future? Can you get me a discount at Amazin dot net? Well, can you at least validate my modem's data rate? I've been receiving encouraging emails from the spam- filtering people- they all want me to sign up at very reasonable exorbitant rates (or was that sub- orbital?)Oh excuse me, Mom's calling...
Link to comment
Share on other sites
beeTee

beeTee

Posted
Posted

Dang, missed Clutter by 4 minutes. So go the time zones!! oh well!!The last newsletter from scambusters had a feature on this scam, or one very similar. you can check it out at Scambusters.com. It's a valuable site, for me, at least. Every time I get a questionable email, I go to their Urban Legends Page and usually find it.the site is also great for the serious warning emails you get from friends and relatives: WARNING!!!!!! My virus checker did not catch this one!!!!Check your computer for this file: jdbgmgr.exe. if it has a teddy bear icon, then you computer is infected with this virus.Delete this file immediately!!!!!Send this email to everyone in your address book to help your friends keep the world safe for democracy, or some noise like that!!!! B) <_<Edited by beeTee due of (good) advice from CM:

disclaimer-- the above is just an example of an actual email I recieved from a 2nd cousin.  do NOT delete that file on your computer. it is also not very good practice to send an email to everyone in your addressbook.  ok, sometimes, if you must.
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

Speaking of Snopes:http://www.snopes.com/inboxer/scams/ebay.asp

Just like a scam perpetrated earlier this year using Citibank as camouflage, this one involves the spamming of messages which appear to be coming from eBay management itself. A typical message claims that the recipient's ability to sell or buy an item on Ebay has been restricted due to a problem with his account and requests that the user re-enter his account information through eBay's web site. The messages actually come from scammers, and the links in the messages don't actually go to eBay's web site — they take users to completely different web sites hosted on servers in Seoul, Korea, where the users are presented with what looks like an official eBay "Security Update" form but is actually a counterfeit form used by scammers to gather the eBay account information they've tricked people into supplying.
Lots more on the Snopes site. Been around since September but this is the first I have received it.
Scams that trick the gullible into revealing private information by having them "confirm" details presumably already in the possession of the one doing the asking fall under the broad heading of "social engineering," a fancy term for getting people to part with key pieces of information simply by talking to them. The wary consumer's best defense to such maneuvers is a zipped lip (or, in the online world, an untapped keyboard). Protect yourself by volunteering nothing, even if you feel somewhat pressured by the one doing the inquiring. If someone on the telephone asks you to read off your checking account number for "verification," ask him instead to recite it to you from his records. If you get an e-mail announcing something dire has befallen one of your on-line accounts and requiring you to re-enter sensitive personal data to get things back on track, do not reply to it, and do not fill out any forms that accompany it or click through any hot links it provides. Instead, contact that service through its web site and ask them about the e-mail. The con artists are getting more sophisticated all the time, so do not be too quick to mistake the appearance of legitimacy or authority with legitimacy itself. Just because an e-mail looks like it comes from an entity you do business with doesn't mean it's genuine, and just because you're being directed to a web page that looks like that entity's home page doesn't mean you're not being sent somewhere else. Beware the wolf in sheep's clothing lest you end up his dinner.
:blink:
Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted

Watch out, beeTee-Some people will see the large red type and take you seriously. You know the type- they are in a dead run as they go through life, trying to live two lives for the price of one, trying to be all things to all people, trying to bring in 4 incomes with only 2 wage earners- all so they can afford the exorbitant initiation fee at the country club. Those folks are too busy to read the fine print, let alone to read for understanding. So if they are newbies at the computer, they might get suckered and actually take your advice and delete the teddy bear. Yikes! :lol:That is why it is always a good idea to put disclaimers at the ends of your writings: "Professional driver on closed track- do not attempt this at home. Your mileage may vary (YMMV). Close cover before striking. Do not feed the animals. Prices slightly higher in some jurisdictions. Not all borrowers will qualify for the lower rate. Some assembly required. Do not use indoors. Deliberately concentrating and inhaling the contents can be dangerous or fatal." And of course, the sagest advice of all: "Bozos who post in the Water Cooler should not be taken too seriously. Pace yourself. Remember to pause and laugh boisterously after every post". :ph34r: :w00t: >_< >_< I deleted the teddy bear in Win/Sys and there is now a countdown timer on my screen in a popup. It says: "Self Destruct Engaged. Windows will Self-Destruct in 180 seconds, 179 seconds, 178 seconds..."Happy day after turkey day! I got lucky and was invited to dine at the table of a really good cook. Boy was it good! Mmmmmmm!

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted
A virus can easily be build with a .js file to invoke the Windows scripting host.
Yep, that's true.I really like AnalogX Script Defender to help with that possibility.Mark Thompson has lots of other great utilities at AnalogX as well. :( ---Cluttermagnet,I love that Water Cooler quote ... you will have to post that in the Water Cooler somewhere too. :(
Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted
OK, CM.  THis is the second time tonight I defered to someone elses wisdom [/respect]. I edited the post.  Whadya think??  :w00t:
:w00t: Very good, beeTee-They will never take the warning seriously, now that you changed the typeface from red to purple! :lol: You can sleep a lot better tonight, now that you have made internet warnings safer for newbies! :P :lol:
Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted
Cluttermagnet,I love that Water Cooler quote ... you will have to post that in the Water Cooler somewhere too.  :w00t:
OK, Fran-Will do. Do you mean the part about pacing yourself and laughing boisterously after every post, or the part about deliberately concentrating and inhaling Redi-Whip (aerosol whipped cream dessert topping) can be dangerous? :w00t:
Link to comment
Share on other sites
Cluttermagnet

Cluttermagnet

Posted
Posted
Edited by beeTee due of (good) advice from CM:
disclaimer-- the above is just an example of an actual email I recieved from a 2nd cousin.  do NOT delete that file on your computer. it is also not very good practice to send an email to everyone in your addressbook.  ok, sometimes, if you must.
Ooooh! I like the disclaimer box, beeTee! You are a fast study on the finer points of avoiding or containing any damage caused by carelessly worded *Dire Warnings*!!! :) Now quick- email all your relatives and tell them it was only a false alarm and to go back to deleting whatever other stuff their friends had warned them about before. :) :)
Link to comment
Share on other sites
  • 2 weeks later...
linuxdude32

linuxdude32

Posted
Posted

Kmail, be default will not display HTML email and even warns you that it could open a security hole to do so. The nice thing about it is that you can turn on HTML on a folder by folder basis so you can get HTML newsletters, filter them into those folders and read them safely there.The other thing to remember is that *no* company will ask you via email to login and confirm your login information, well except @Home, if anybody remembers them. :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...