7th December 2005, 09:47 PM | #1 |
Member
Join Date: Dec 2004
Location: Kernersville, NC, USA
Posts: 793
|
New (to me) variant of fake Ebay email scam
I'm sure most of you folks have seen the fake emails from Ebay that are "phishing" for your username and password. I get several from ebay, paypal and various banks everyday. But I got one today that darn near fooled me. It was what looked like a message from an ebay member. They were asking why I had bid on an auction and hadn't paid for it. They mentioned negative feedback if I didn't respond. I've won several small auctions lately and wondered if I had made a mistake. I mean this thing looked absolutely real. So I clicked on the link to the auction and up popped an ebay login screen. Screech!!! My mind finally clunked in gear and I didn't type anything. Noticed the URL and it wasn't Ebay. Dayum. That one just about got me, and I'm about the most suspicious and cautious computer user out there. I do the security for our network for goodness sake. The bastids almost got me this time. Forwarded the email to spoof@ebay.com and got a slightly different response from normal saying that these emails often contain a keystroke logger virus. Fortunately this one didn't. So if you get an email from an ebay member that you aren't expecting, check your messages on Ebay itself to see if it's legit.
Steve |
7th December 2005, 11:59 PM | #2 |
Member
Join Date: Nov 2004
Location: USA
Posts: 1,725
|
Thanks for the heads-up, Steve.
|
8th December 2005, 03:11 AM | #3 |
Member
Join Date: Dec 2004
Location: Greensboro, NC
Posts: 1,083
|
Steve,
I have also had the same thing happen to me recently but with a slightly different twist. It stated they were glad they won my auction and would be sending payment soon and they had a link attached to the e-mail. I knew I wasn't expecting any money so rather than use the link(thank goodness) I wrote down the Ebay # and user ID and when I checked those against Ebay they were from an User ID that had a bunch of negative feedback and was no longer a registered user. While on the topic, I will share another one. I had a few items up for auction recently and I had someone contact me via the Ebay member contact and they stated they were very interested in my auction. They stated they would like to have someone handle the shipping and they would like my address to arrange for pick up. I let them know that if they won I would make arrangements for shipping. When they followed up again that they needed my address I got a bit suspicious. I let them know that if they won the auction, I would make arrangements to meet someone but I would not give out my address. The Ebay ID had no feedback at all and I did receive a e-mail from Ebay warning that some people use the member contact through Ebay to get e-mail addresses and if anyone is willing to share, more than that. Got to be careful these days. |
8th December 2005, 01:34 PM | #4 |
Member
Join Date: Dec 2004
Posts: 175
|
Thanks,for the heads up.I seem to be getting more and more of these and they've gotten really good at making them look real.
A few months ago I was getting email after email telling me that my account info had expired and if I didnt change my info, my account would be suspended.These looked very genuine but my account didnt have ANY information on it that could have expired. |
8th December 2005, 04:18 PM | #5 |
Member
Join Date: Dec 2004
Posts: 221
|
Same with Paypal, their official emails state your full name, the fakes don't.
|
8th December 2005, 05:44 PM | #6 |
(deceased)
Join Date: Dec 2004
Location: OKLAHOMA, USA
Posts: 3,138
|
I HAVE ALSO GOTTEN BOGUS EMAILS HAVING TO DO WITH EBAY AND PAYPAL. IF THEY ASK A QUESTION ABOUT MY INFORMATION I JUST FORWARD IT TO SPOOF@PAYPAL OR EBAY, SO FAR EVERY ONE OF THEM HAS BEEN A SCAM. RECENTLY I HAVE ENCOUNTERED LOTS OF EMAILS THAT SAY MY EMAIL WAS NOT DELIVERABLE TO THIS OR THAT I LOOKED AT ONE AND IT DIDN'T GIVE ANY INFO ON ANYONE I HAD RECENTLY SENT EMAIL TO SO NOW I AUTOMATICALY DELETE ALL SUCH EMAILS. I DELETE MANY MORE EMAILS THAN I OPEN SO IF A FORUM MEMBER I DID NOT KNOW DID EMAIL ME HE SHOULD PUT SOMETHING IN THE TOPIC TO GET MY ATTENTION, VANDOO PERHAPS AS THE TRICKSTERS HAVEN'T USED THAT YET.
ITS FRUSTRATING THAT THE NO GOOD PEOPLE CAN MAKE SO MUCH TROUBBLE AND THERE SEEMS TO BE NO WAY TO MAKE THEM PAY FOR THEIR SINS AT LEAST NOT UNTILL JUDGEMENT DAY. |
8th December 2005, 06:07 PM | #7 |
Member
Join Date: Dec 2004
Posts: 987
|
I haven't gotten the fake sale/purchase yet, but I have gotten the undeliverable e-mail ones. The fact that the attachment is a zip file was a pretty big pointer.
The cleverest ones I have seen so far (sort of like this new e-bay one), are the ones that just inform you that something has changed in your user profile, like an address or e-mail or a new credit card (that is the best one IMO -- reverse psychology) being added. All very official looking, and I am sure that if you go to the provided link it will look just like BidPay or PayPal or whatever -- but once you have tried to log in, they have all the information they need. One even came from a domain with "PayPal" in the name, but with a foreign country code rather than ".com." The genius is that they don't ask you to confirm or check anything. They rely on your puzzlement at the announcement to check it out. I verified the fraud by going directly to PayPal (not using their link), and checked to make sure everything was unchanged. |
|
|