posted on January 18, 2003 05:40:11 PM new
Hi everyone:
Received an E-mail asking for me to update all verification info.
The link's below.
I'm sure it's a scam does anyone have an Ebay address I could forward it to?
posted on January 18, 2003 05:48:46 PM new
You know, Ebay always says they will never ask you for your password, not to mention SS#, DL#, etc. Mother's maiden name?
I have heard about these emails all the time and have yet to receive one. I wonder what kind of mailing list you are on and why. Perhaps it pertains to the kind of items you sell or buy. They must be targeting certain audiences, like sellers of high end goods or something.
It does look mighty convincing, just like much of ebay's setup.
posted on January 18, 2003 06:01:13 PM new
Wendy - that are using ebays coding - a very simple thing to grab then launcing from a remote location. I've seen this scam a lot with a popular game site but not for ebay. They got pretty in depth there with the maiden name, DL, etc. That one is more than just grabbing an account, that one is full on identity theft material.
posted on January 18, 2003 06:28:00 PM new
Here is the header:
Return-Path: <[email protected]>
Received: from mr04.mrf.mail.rcn.net (207.172.4.23 [207.172.4.23])
by ms02.mrf.mail.rcn.net (Mirapoint Messaging Server MOS 3.2.2-GA FastPath)
with ESMTP id AOT84378;
Sat, 18 Jan 2003 13:13:26 -0500 (EST)
Received: from mx04.mrf.mail.rcn.net (mx04.mrf.mail.rcn.net [207.172.4.53])
by mr04.mrf.mail.rcn.net (Mirapoint Messaging Server MOS 3.2.2-GA)
with ESMTP id AUD99246;
Sat, 18 Jan 2003 13:13:25 -0500 (EST)
From: <[email protected]>
Received: from tambor.dsi.uminho.pt ([193.137.8.102])
by mx04.mrf.mail.rcn.net with smtp (Exim 3.35 #4)
id 18ZxTA-0001eP-00
for dadofstickboy@; Sat, 18 Jan 2003 13:13:25 -0500
Received: from 193.137.8.102 (unverified [63.104.239.199]) by tambor.dsi.uminho.pt
(EMWAC SMTPRS 0.83) with SMTP id <[email protected]>;
Sat, 18 Jan 2003 18:03:25 +0000
Message-ID: <[email protected]>
Subject: eBay Verification #37286
Sender: "[email protected]" <[email protected]>
Mime-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Date: Sat Jan 18 13:12:54 2003
Content-Transfer-Encoding: 8bit
X-Spam-Warning: This message was accepted from a host or IP address which
is listed on one or more email blocking lists. Please see
http://www.mail.rcn.net/external/x-header/ for more information
X-Spam-Warning: [ORDB] This mail was handled by an open relay - please visit <http://ORDB.org/lookup/?host=193.137.8.102>
posted on January 19, 2003 08:57:20 AM new
These peole really are naive! You can waltz right into their root directory if you want. Here's how- go to URL
http://63.104.239.199/~iceroot/
and then delete the filename /~iceroot/ in the address bar and hit "go" again. You will be looking at the root index for the server. Click on folder and see what's in it...
My host tells me these are most likely teenaged boys running a home computer as a server.
Is there an FBI address to send these things to, or anything?
"And All Shall be Well, and All Shall be Well, and All Manner of Things Shall be Well"
posted on January 20, 2003 12:06:04 AM new
I sent it on to Ebay.
They assured me it was not from them, and they would be looking into it.
I hope they nail the A-Hole to the wall.
Someone else may have been gulible enough to fill it out.
I was sure it was a scam,but it sure looked real!
Would have been easy to fall for.
posted on January 20, 2003 09:13:37 PM new
They are beyond amateurs - they left their
crontabsPhp schedular wide open and not password protected that was forwarding all the responses if any(but you never know bridges are still being sold everyday) from the server to their PC's I overwrote their settings and left them a little message.
But their probably not bright enough to figure it out.
