ebay phishing alert !

ErnestoJuan · 11th June 2006, 01:15 PM

Hi all,

To let you know that I just received a FAKE ebay message, I have forwarded the original to spoof@ebay.com.

Title and body:

Please update your account untill 20 June 2006

It has come to our attention that your eBay billing updates are out of order. If you could please take 1-2 minutes out of your online experience and update your billing records you will not run into any future problems with the online service. However, failure to update your records will result in account termination. Please update your records.

Once you have updated your account records your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems.

To update your eBay records now click here:
http://signin.ebay.com/ws2/eBayISAPI.html

The sender (probably hijacked) smtp is located in Florida, the HREF points to:

href="http://ss4.newseoul.com/.signin.ebay.com/ws2/eBayISAPI.html .

which is registered by these bastards:

Registrant:
softcan (NEWSEOUL-COM-DOM)
5F building-chungjung 32-11 chungjungro-3ga
seodaemun-ku
Seoul, 120013
KR
82-2-392-3096
peteryun@softcan.com

Domain Name: NEWSEOUL.COM
Status: PROTECTED

Administrative Contact:
peteryun peteryun@softcan.com
5F building-chungjung 32-11 chungjungro-3ga
seodaemun-ku
Seoul, 120013
KR
82-2-392-3096

Technical Contact, Zone Contact:
peteryun peteryun@softcan.com
5F building-chungjung 32-11 chungjungro-3ga
seodaemun-ku
Seoul, 120013
KR
82-2-392-3096

katana · 11th June 2006, 01:38 PM

Hi ErnestoJuan, I have had a number of these

, the give away is the e-mail is always addressed to 'dear member' or 'account holder' etc. in fact anything but your eBay username.
A sign of our technological age......highway robbery without the 'flintlock'

wolviex · 11th June 2006, 02:27 PM

Nothing new to me unfortunatelly. I'm receiving over 10 different fake messages per week, on different subjects, like: question on item, ebay security message, dispute console on unpaid item., etc, etc.

If message is real you'll have it on your MY EBAY messages.
If you're using outlook, thunderbird or other software BE SURE that after clicking on "Response" button real ebay page will appear. Those fakes are often beginning in address field as "www.yahoo. ....", or with different numbers looking like IP "http:// 215.146,..." etc.

Regards!

ErnestoJuan · 11th June 2006, 03:15 PM

Now I have a fake Paypal phishing message from the same @ssholes:

<TD><A href="http://ss4.newseoul.com/pp/update/secure/cgi-bin/webscrcmd_login.php"

><IMG height=35 alt=PayPal src="http://images.paypal.com/en_US/i/logo/email_logo.gif" width=255 border=0></A>
</TD></TR></TBODY></TABLE>

Rick · 11th June 2006, 04:45 PM

Quote:

Originally Posted by ErnestoJuan

Now I have a fake Paypal phishing message from the same @ssholes:

<TD><A href="http://ss4.newseoul.com/pp/update/secure/cgi-bin/webscrcmd_login.php"

><IMG height=35 alt=PayPal src="http://images.paypal.com/en_US/i/logo/email_logo.gif" width=255 border=0></A>
</TD></TR></TBODY></TABLE>

This one goes to spoof@paypal.com

I haven't received one of these in 6 months or so .
Looks like someone's gearing up for another onslaught of this crap .

Ian · 11th June 2006, 05:22 PM

Rick, you are either very lucky or have an excellent SPAM filter.

Like wolviex, I get a dozen or so of these a week, at home and at work. As noted below, these all have phoney URL links -- easy to spot most of the time (some are trickier than others) -- and if you look at the sources of the email (details at the top of the text that list originating server, etc.) these are not authentic either.

Ian.

Quote:

Originally Posted by wolviex

Nothing new to me unfortunatelly. I'm receiving over 10 different fake messages per week, on different subjects, like: question on item, ebay security message, dispute console on unpaid item., etc, etc.

If message is real you'll have it on your MY EBAY messages.
If you're using outlook, thunderbird or other software BE SURE that after clicking on "Response" button real ebay page will appear. Those fakes are often beginning in address field as "www.yahoo. ....", or with different numbers looking like IP "http:// 215.146,..." etc.

Regards!

Rick · 11th June 2006, 06:04 PM

Maybe it's my ISP Comcast ; they have their own spam filter or maybe it's Norton internet security; it's got a nice spam filter too ; not much gets through .

Then again I might just be lucky

; I do report every single one I get .

BSMStar · 12th June 2006, 07:33 PM

OK, here is my 2 cents worth...

Most of these things act as if you are logging on to an real site. Really, they are stealing you login and password. Now they got ya!

1. Never give out passwords or account information.
2. Look at the actual source of the email - not that it just looks like it came from eBay or Paypal or any banking institute.
3. I have heard that some overseas eBay sellers are sending fake Paypal logins too… just a rumor…

If you are not sure how to do that…

Do not input you real account or login the first time. If it accepts it, it is obviously a bogus site! (They do not know your account and password, they are just trying to steal it).

They will soon figure out that people are doing this, so you may want to input a bogus password the second time. If it is still rejecting you, then use you actual account and password on the third try.

Call me over cautious… but I would rather be safe than sorry.

Ferguson · 12th June 2006, 08:34 PM

I get several a week from Ebay, Paypal, and banks that I don't even do business with. Always go to your messages in My Ebay if you have any question. I even worry when I get an email saying that I've won the auction and get a link to pay from. Even then, I usually to Ebay, then the auction, and pay from there. If the bastids ever figure out how to get to people who just won an auction, they'll get a BUNCH of passowords.

Steve

ErnestoJuan · 12th June 2006, 09:11 PM

I don't want to start a slashdot - like troll or whatever, but being a paranoid IT guy for a long time 17+ years (currently infrastructure systems developer) , on my pc ( linux /xp dual boot) I NEVER use Windows XP for financial or other sensitive business.

I use XP for games - my favorite being Age of Empires

- thats all.. Regardless of disabled services, registry tweaks, antivirus and anti spyware and firewall software: I do not trust it for 100%.

Do I trust Linux for 100% ? No, but more than XP..

11th June 2006, 01:15 PM	#1
ErnestoJuan Member Join Date: Mar 2006 Location: Europa Posts: 60	ebay phishing alert ! Hi all, To let you know that I just received a FAKE ebay message, I have forwarded the original to spoof@ebay.com. Title and body: Please update your account untill 20 June 2006 It has come to our attention that your eBay billing updates are out of order. If you could please take 1-2 minutes out of your online experience and update your billing records you will not run into any future problems with the online service. However, failure to update your records will result in account termination. Please update your records. Once you have updated your account records your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future billing problems. To update your eBay records now click here: http://signin.ebay.com/ws2/eBayISAPI.html The sender (probably hijacked) smtp is located in Florida, the HREF points to: href="http://ss4.newseoul.com/.signin.ebay.com/ws2/eBayISAPI.html . which is registered by these bastards: Registrant: softcan (NEWSEOUL-COM-DOM) 5F building-chungjung 32-11 chungjungro-3ga seodaemun-ku Seoul, 120013 KR 82-2-392-3096 peteryun@softcan.com Domain Name: NEWSEOUL.COM Status: PROTECTED Administrative Contact: peteryun peteryun@softcan.com 5F building-chungjung 32-11 chungjungro-3ga seodaemun-ku Seoul, 120013 KR 82-2-392-3096 Technical Contact, Zone Contact: peteryun peteryun@softcan.com 5F building-chungjung 32-11 chungjungro-3ga seodaemun-ku Seoul, 120013 KR 82-2-392-3096

12th June 2006, 09:11 PM	#10
ErnestoJuan Member Join Date: Mar 2006 Location: Europa Posts: 60	no troll but .. I don't want to start a slashdot - like troll or whatever, but being a paranoid IT guy for a long time 17+ years (currently infrastructure systems developer) , on my pc ( linux /xp dual boot) I NEVER use Windows XP for financial or other sensitive business. I use XP for games - my favorite being Age of Empires - thats all.. Regardless of disabled services, registry tweaks, antivirus and anti spyware and firewall software: I do not trust it for 100%. Do I trust Linux for 100% ? No, but more than XP..

11th June 2006, 01:38 PM	#2
katana Member Join Date: Jan 2006 Location: Kent Posts: 2,653	Hi ErnestoJuan, I have had a number of these , the give away is the e-mail is always addressed to 'dear member' or 'account holder' etc. in fact anything but your eBay username. A sign of our technological age......highway robbery without the 'flintlock'

11th June 2006, 02:27 PM	#3
wolviex Member Join Date: Dec 2004 Location: Poland, Krakow Posts: 418	Nothing new to me unfortunatelly. I'm receiving over 10 different fake messages per week, on different subjects, like: question on item, ebay security message, dispute console on unpaid item., etc, etc. If message is real you'll have it on your MY EBAY messages. If you're using outlook, thunderbird or other software BE SURE that after clicking on "Response" button real ebay page will appear. Those fakes are often beginning in address field as "www.yahoo. ....", or with different numbers looking like IP "http:// 215.146,..." etc. Regards!

11th June 2006, 03:15 PM	#4
ErnestoJuan Member Join Date: Mar 2006 Location: Europa Posts: 60	Now I have a fake Paypal phishing message from the same @ssholes: <TD><A href="http://ss4.newseoul.com/pp/update/secure/cgi-bin/webscrcmd_login.php" ><IMG height=35 alt=PayPal src="http://images.paypal.com/en_US/i/logo/email_logo.gif" width=255 border=0></A> </TD></TR></TBODY></TABLE>

11th June 2006, 06:04 PM	#7
Rick Vikingsword Staff Join Date: Nov 2004 Posts: 6,293	Maybe it's my ISP Comcast ; they have their own spam filter or maybe it's Norton internet security; it's got a nice spam filter too ; not much gets through . Then again I might just be lucky ; I do report every single one I get .

12th June 2006, 07:33 PM	#8
BSMStar Member Join Date: Jan 2005 Location: Kansas City, MO USA Posts: 312	OK, here is my 2 cents worth... Most of these things act as if you are logging on to an real site. Really, they are stealing you login and password. Now they got ya! 1. Never give out passwords or account information. 2. Look at the actual source of the email - not that it just looks like it came from eBay or Paypal or any banking institute. 3. I have heard that some overseas eBay sellers are sending fake Paypal logins too… just a rumor… If you are not sure how to do that… Do not input you real account or login the first time. If it accepts it, it is obviously a bogus site! (They do not know your account and password, they are just trying to steal it). They will soon figure out that people are doing this, so you may want to input a bogus password the second time. If it is still rejecting you, then use you actual account and password on the third try. Call me over cautious… but I would rather be safe than sorry.

12th June 2006, 08:34 PM	#9
Ferguson Member Join Date: Dec 2004 Location: Kernersville, NC, USA Posts: 793	I get several a week from Ebay, Paypal, and banks that I don't even do business with. Always go to your messages in My Ebay if you have any question. I even worry when I get an email saying that I've won the auction and get a link to pay from. Even then, I usually to Ebay, then the auction, and pay from there. If the bastids ever figure out how to get to people who just won an auction, they'll get a BUNCH of passowords. Steve