posted on July 22, 2004 08:15:01 PM
OK, how could this happen. I have never replied to a spoof email so when I got this I sent it on to [email protected]
Didn't give it a another thought, then went to my eBay account & tried to log in & couldn't. My password was invalid. Seems this one is for real.
eBay did not reply to the spoof email I sent, they usually do, right away.
Anyone have this happen to them & does anyone know what or why it happened???
Makes me mad because I do not want to change my password, but guess I have to.
Here is the eBay email:
[b]Subj: TKO NOTICE: eBay Password Reset - [email protected] Follow Instructions Immediately
Date: 7/22/2004 5:16:39 AM Eastern Standard Time
In order to protect the security of your eBay account, we have reset your password and secret question. This action was taken because your password may have been compromised. Sometimes this happens when members respond to an email asking for personal information. Although those emails appear to come from eBay, they are really sent by people attempting to gain access to your account. We appreciate your cooperation in working with us to protect your account by taking the following steps.
Since your password was reset, you will need to create a new password by following the instructions provided below. Until you complete this process, you will not be able to bid on or list an item.
1. Click on the "site map" link at the top of most eBay pages.
2. Click on the ¿I forgot my password¿ link located in the middle column under the ¿Services¿ heading.
3. Once you have reached the ¿Forgot Your Password?¿ page enter your User ID in the provided box and click on the ¿Continue >¿ button.
4. On the next page you will be asked to answer the Secret Question that you created at the time of registration OR provide one of three pieces of contact information from your eBay account. Since we have reset your Secret Question along with your password you will not have the correct answer to your secret question. Please proceed by supplying one of the three pieces of contact information requested then clicking the ¿Continue >¿ button.
5. An email with the subject line ¿Forgotten Password¿ will then be sent to the email addressed you have tied to your eBay account. Please log into your email account and click on the link supplied to you in the email that we have sent.
6. Once you arrive at that link you will be prompted to enter your User ID one more time, then enter and reenter your new password.
IMPORTANT: In addition to changing the password on your eBay account, please change the password on your personal EMAIL account. If your old eBay password was also the password for any other online account you use (PayPal, etc.), we recommend that you immediately change those passwords as well. To maintain password security, each one of your online accounts should have a different password. Even a slight difference (one letter or number) offers substantial protection.
SELLERS: After creating your new password on eBay you will need to update the eBay password that is stored within any auction/listing software that you may use to list your items, relist your items, or add information to your listings. Taking this step will ensure that your current and future listings run without interruption.
Taking these steps will ensure you are the only one that has access to your account. Also, please remember the following guidelines when it comes to password security:
1. Make sure your password is difficult to guess, and uses a combination of letters and numbers.
2. Don't use the same password on eBay that you use on your email account, or on other Web sites.
If you need help with this situation, please reply directly to this email and we will assist you in any way necessary.
To learn more about protecting your eBay account, please visit eBay¿s Security Center by clicking on the ¿Safe Trading Tips¿ link at the bottom of any eBay page. The Security Center contains information about protecting yourself from Spoof (fake) emails, buying safely, selling safely and many other important eBay safety issues.
Thank you for your cooperation and patience in this matter.
Regards,
Customer Support (Trust and Safety Department)
eBay Inc[/b]
posted on July 22, 2004 08:26:52 PM
That is way too weird. I can understand if you had replied to a spoof. How else could they have gotten your password?
posted on July 22, 2004 08:35:02 PM
meadow, I have no idea & I haven't listed any auctions for more than two months, been doing a lot of shopping instead.
As I said I am very aware of spoofs, both eBay & PayPal thanks to posters on VD
posted on July 22, 2004 08:45:25 PM
As a rule of thumb, it's a good chance it's real if an e-mail gives you instructions to login to the site and use the instructions within the site (and doesn't ask you to click on a link in the e-mail).
I know I would have thought it a spoof as well, but it was pretty well written and longer than most spoofs. Also, it didn't ask you to use a link in the e-mail to enter anything. When it mentioned to go to the site map on the top of most eBay pages -- it's a good idea to go to the site directly and take a look.
Another way to protect yourself in a case like this -- open a brand new browser instance, type the url for eBay -- ie. http://www.eBay.com . That way, you're not getting any "helping" hand from that suspect e-mail.
I hope you get it straightened out and no major harm comes to you or your account. I've got my fingers crossed for ya.
Wayne
Never explain -- Your friends do not need it and your enemies will not believe you anyway.
~ Elbert Hubbard
Don't know if this will help or maybe you've already tried phoning, but here are some numbers for eBay. They're from last year so I'm not even sure they're still valid.
posted on July 22, 2004 09:20:46 PM
Thanks Wayne & Lucy. So far my account is OK & both suggestions are good ideas.
I can sure use those phone numbers too.
If eBay gives me an explanation I will post it.
posted on July 22, 2004 10:00:20 PM
The fact that they ask you to log into Ebay and change your password is perfectly safe. What would concern me is where they mention that you will be sent an email with the header "Forgot your password" in which they will ask you to click a link and enter your user ID and new password. I would be very suspicious of this. I have sent many spoof emails to Ebay and the replys I have received indicate they will never send an email to a user with a link to a page that asks for a password. When that email comes, I would forward it to [email protected] to verify it before I clicked on the link and gave my password. This could be a very elaborate and well designed next generation phishing scam.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on July 22, 2004 10:43:18 PM
Lucy...I know McJane wouldn't fall for a spoof email scam and give it to them, so someone has either guessed it and made it invalid so they can eventually hijack the account, or someone has targeted her and repeatedly tried to access her account with a dictionary attack. The second scenario is the most likely if the email is legit. The first is most likely if the email is a spoof.
McJane, could you post the headers to that email you received? There are several on this forum who can tell you not only where it originated, but what color eyes the sender had if they can see the header information.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on July 22, 2004 11:30:09 PM
McJane...I don't profess to be an expert, or even an intermidiate amateur, at reading headers and interpeting them, but my gut feeling is that this email is a spoof. I am particularly disturbed by the fact that this appears to have originated from an AOL address, or to have gone through an AOL gateway on at least 2 occasions. Maybe tomorrow someone who is more experienced at deciphering headers will come in and let us know who sent this.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on July 22, 2004 11:49:02 PM
McJane,
Did you say that you cannot log in to your ebay account? There is a good chance that ebay has assumed that you wrote the spoof.
Remember the spoof I posted for you to see that didn't have any spelling mistakes? Well, because of that post and that page that I put up for the Vendio crew, Ebay contacted my ISP and told them that I was committing cyber crime by sending spoofed emails and stealing passwords. According to ebay they also reported me to the FBI. My lawyer is working on a defamation case right now. And funnily enough I have not heard from ebay again either. I guess they will get really vocal soon though. So be careful about how you send stuff to eBay and how you warn other people. Being a good samaritan is not always appreciated apparently.
Regards,
Adrian
I forgot to mention that all this occurred after I had reported the spoof to ebay in the first place and had a reply from them confirming it.
[ edited by zircon4 on Jul 22, 2004 11:50 PM ]
posted on July 22, 2004 11:51:54 PM
Here is the info for the ISP #'s.
172.18.180.132
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: IANA-BBLK-RESERVED
NetHandle: NET-172-16-0-0-1
Parent: NET-172-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-12
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: [email protected]
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-07-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
66.135.197.21
OrgName: eBay, Inc
OrgID: EBAY
Address: 2145 Hamilton Ave
City: San Jose
StateProv: CA
PostalCode: 95008
Country: US
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]
10.6.61.155
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 10.0.0.0 - 10.255.255.255
CIDR: 10.0.0.0/8
NetName: RESERVED-10
NetHandle: NET-10-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate:
Updated: 2002-09-12
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: [email protected]
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: [email protected]
# ARIN WHOIS database, last updated 2004-07-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database
posted on July 23, 2004 12:07:43 AM
sparkz,
Funny I noticed that AOL too, just thought it was strange, eBay & AOL ???
zircon
Yikes, all I did was forward that email to spoof & they didn't acknowledge it either & they usually do, right away. If I was sending spoofs I certainly wouldn't send one to eBay. They should know that, I hope.
I do remember your post & have to wonder why eBay would think you originated it. No, I cannot get into my eBay account. I am now INVALID.
I am going to use Lucy's phone numbers tomorrow, call eBay, & see what they have to say.
kiara,
what does all that mean, do you understand that, is it good or bad.
You guys are really bright, none of it means anything to me & I am so grateful for your help, truly.
posted on July 23, 2004 04:18:24 AM
What I find amusing (NOT!) is that when you change your password in eBay, they DO send you an email asking you to click on the link and confirm your password. Every time I change my password (which is every other month), I get one of these emails. I sent one of them to spoof once and they confirmed it was from them.
Now, they tell you not to click on links in emails, but they send one to you expecting you to do just that.
Cheryl
God grant that not only the love of liberty but a thorough knowledge of the rights of man may pervade all the nations of the earth, so that a philosopher may set his foot anywhere on its surface and say: This is my country. - Benjamin Franklin
posted on July 23, 2004 07:21:19 AM
To me it looks like it's from ebay and the other ISP # looks like the one that it was routed through for the "spoof" or abuse e-mail that was sent to ebay...... not sure if that makes sense.
I got one of these a couple of years ago and I can't remember exactly but I think it was because someone with a similar user ID tried to log into my account by mistake (or perhaps it was someone just trying to hijack my account) but after 3 or 4 times of trying eBay's system rejected it The password was reset and they notified me to choose a new password and all was okay.
If in doubt, just e-mail ebay and ask them to verify it. Hopefully they will get back to you before the weekend.
Edited to add that if you are unsure you can e-mail eBay from one of the links here or go to Live Help. Let us know how it turns out.
posted on July 23, 2004 12:46:18 PM
Sounds right about the email being re-routed so that explains the AOL connection. So it's real, but I still don't know exactly what happened.
Teacher, I know wmconnect is managed by AOL, my son told me about it a year ago & I switched right away. It's a clone except without the keyword search which I never used anyway & it's less than half the price. I've told many an AOL user to smarten up & switch, some do, but it amazes me how many people don't.
posted on July 23, 2004 01:44:38 PM
It is not a spoof. I've had a couple of real TKO notices from eBay, where I've just had to change my password. I've narrowed the problem to being caused by items that I have relisted that still have old PayPal logo with java script that goes along with the logo. For some reason, eBay's filters pickup the old java script, and assume it violates listing policy (illegal script in listings). Of course, that may or may not be the reason you got the TKO. hope that helps - Steve
posted on July 23, 2004 01:56:00 PM
Hey, I got that one last week! I pretty much ignore these with the logic that if there is actually a problem, I will have an interruption in my ebay account. I never have had one.
posted on July 23, 2004 01:57:25 PM
Hey, I got that one last week! I pretty much ignore these with the logic that if there is actually a problem, I will have an interruption in my ebay account. I never have had one.
It certainly was from eBay. My PW has now been changed & everything is up & working again.
Here is the email I received from eBay, no explanation as to what & why this happened, of course.
Thanks so much for all the help & advice.
Hello,
Thank you for writing to eBay.
We administratively reset your password because your eBay account
password had been compromised. Please be assured that resetting your
password was necessary to prevent any unauthorized activity. This
process allows us to give back sole control of the account to you with
the assurance that your account will remain safe in the future. While
we cannot disclose the investigative procedures that led us to this
action, we hope you feel confident that we acted in your best interest.
In an effort to resolve this situation quickly, we requested a temporary
password for your eBay account. You should have received a separate
email with your temporary password and instructions on how to change
that temporary password to one of your choice. If you did not receive
this email, please follow the step-by-step instructions below to regain
access to your account:
- Click on the site map link (located at the top of any eBay page)
- Scroll under the "Services" section
- Click on the "I forgot my password" link located in the middle column.
After entering your User ID on this page, you will be prompted to answer
at least one of a number of questions related to your account. Once you
have answered at least one of the questions provided, an email will be
sent with instructions to allow you to complete your password change.
If you do not receive the email, please check your email account as well
as any spam filters that may be preventing the receipt of this email.
Your email service provider will be able to instruct you on how to
change your spam filters if you need assistance. After you have taken
these steps, please repeat the instructions outlined above to complete
your password change.
If you have any difficulty with this process, please respond to this
email and we will be happy to help you through the process
Thank you for being part of the eBay community.
Regards,
Ralph
eBay SafeHarbor
Investigations Team
______________________________
posted on July 23, 2004 06:00:48 PM
oh great - they EMAILED you your password! How secure is that?!
So ltray returned from vacation and found when she tried to login to her PP that they had reset her password because of ?? Numerous login attempts is the only thing we can think of.
posted on July 23, 2004 06:09:31 PMoh great - they EMAILED you your password! How secure is that?!
Read a little farther: It's a temporary password that requires verification by answering one or more questions that presumably only mcjane knows the answer to.
Short of taking a DNA sample when you initially register with eBay, I'm not sure what more they can do.
posted on July 30, 2004 01:49:03 AM
Ebay and Paypal will always address you by your full name.....which is why you should never get "Suckered:, by a Spoof mail
This is the real deal...I received the same a while back when my account was hijacked.
How was it hijacked? They had guessed my password, which I had stupidly made easy so I could remember it Once hijacked, they used my seller id to post an auction for a motorcycle. I found out when I tried to login and couldn't get in. I logged onto the live Ebay help, and they were able to tell me what was going on, in addition to what I needed to do. Within an hour of discovery I was back in, the thieving bastard's auction was pulled, and I had learned a valuable lesson.
"Who's tending the bar? Sniping works up a thirst"
Sniping works up a thirst"