posted on August 2, 2004 08:24:52 PM new
I got this message tonight. I sent it to [email protected], but have had no reply after several hours. I have had problems logging into my account in the last 2 days, and had to change my password, so I am wondering if it is genuine, but I am very leary of these emails. Any help would be greatly appreciated.
You have received this email because we have strong reason to believe that your eBay account had been recently compromised. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter. To speed up this process, you are required to verify your eBay account by following the link below.
https://signin.ebay.com/saw-cgi/eBayISAPI.dll?SignIn&UsingSSL=1
(To complete the verification process you must fill in all the required fields)
Please Note: If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your eBay account has not been fraudulently used and to combat fraud.
We appreciate your support and understanding, as we work together to keep eBay a safe place to trade.
Thank you for your attention on this serious matter. We apologize for any delay in resolving this situation.
Regards,
Morris Franklin
eBay SafeHarbor
Investigations Team
posted on August 2, 2004 08:32:18 PM new
Headers? Headers, anyone?
Here's another quick way to tell if it's a spoof:
Look at the HTML. If, after "http://signin.ebay.com/etcetcetc" there's something that looks like "http://123.45.67.123/", it's a spoof.
You guys really are going to have to learn how to read these. The problem is only going to get worse. eBay has demonstrated an amazing lack of interest in doing anything about it, so you'll have to learn how to protect yourselves.
posted on August 2, 2004 08:39:14 PM new
Here is the header.
Return-Path: <[email protected]>
Received: from toip4.bellnexxia.net ([209.226.175.87])
by tomts32-srv.bellnexxia.net
(InterMail vM.5.01.06.10 201-253-122-130-110-20040306) with ESMTP
id <20040803012535.VBIV55.tomts32-srv.bellnexxia.net@toip4.bellnexxia.net>
for; Mon, 2 Aug 2004 21:25:35 -0400
Received: from mail.energotusimice.cz (HELO gw.energotusimice.cz) (212.80.84.201)
by toip4.bellnexxia.net with ESMTP; 02 Aug 2004 21:25:32 -0400
Received: from gw.energotusimice.cz (localhost [127.0.0.1])
by gw.energotusimice.cz (8.11.6/8.11.6) with SMTP id i737LGr01279
for Tue, 3 Aug 2004 09:21:16 +0200
Message-Id: <[email protected]>
Content-Type: text/html; charset="iso-8859-1"
Date: Tue, 3 Aug 2004 09:21:15 +0200
Content-Transfer-Encoding: quoted-printable
Subject: TKO Notice: Urgent Fraud Investigation
To:
From: [email protected]
Mime-Version: 1.0
posted on August 2, 2004 08:46:14 PM new
You don't even have to check the headers. It's a spoof, and a poor one at that. Definitely oriental in origin. If your account "informations" are not updated in the next 72 hours. First, they would suspend access to your account immediately if they felt it had been compromised. They're not going to give anyone 72 hours to cost them money. They won't give 7.2 seconds if they think it's going to cost them. And they sure as hell are not going to send you an email with a link to enter confidential information they already have on file. If there's a problem, they will direct you to login to their site. And don't forget, they have your phone number to contact you if they feel your account has been compromised. Any request from Ebay for any personal information will direct you to login to www.ebay.com first.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on August 2, 2004 08:50:37 PM new
Space Family Robinson.
Also, Let me mention that a friend just got an email today that contained the subject line, 'I paid you'. To make a long story short, his restore disk worked. All he did was read the email.....
posted on August 2, 2004 08:50:42 PM new
Thanks everyone, I got really spooked by this one. Several times over the last few days, when I put in my password, it came up as invalid, so there was a problem. I guess I was over anxious and didn't check this spoof thoroughly like I usually do. I appreciate all the help you all give, it can get pretty scary at times for older people like me who are not as up on these things as some of you.
posted on August 2, 2004 09:51:46 PM new
Parklane,
Elaborate: did he read his email that arrived onto his ISP email account using Outlook or other client side email software?
If this is the case, then yes, good chance you can open stuff up w/o even knowing it.
I have said it here before: instead of paying a photo host service, get a good web host and have your email through them. I can read email that is to me at my web addy with the same kind of interface that yahoo has, a hybrid client/host SAFE way to dump/filter garbage.
If it's legit and you need a file you can save/forward/whatever you need to do.
Or do yahoo, the hassle's with AOL are minimal compared to the headache of a wipe out of a hard drive.
Yahoo spammifies my spoof junk, most of the time, but at least when I open "I haven't paid you yet..." my worries are few.
"Now, the kitchen is to be white. Not a cold, antiseptic hospital white. A little warmer - but still, not to suggest any other color but white."
- Murial Blanding
posted on August 3, 2004 04:04:48 AM new
Hi Amber! I get about five of these a week. Usually, there are grammar and spelling errors. Some purport to be from eBay, some from PayPal. Just DON'T click on anything in the e-mail, and if you are a bit unsure - just go to your accounts and check 'em out. I forward them to [email protected] or [email protected], and get a return e-mail within the hour. The e-mail is just an auto message. I don't know what eBay/PayPal can do with these spoofs that originate outside the U.S. Perhaps Interpol? I think it would be great if eBay and PayPal had a message feature within one's account, where they could inform one of any problem.
posted on August 3, 2004 04:31:53 AM new
Hi again Earthmum, yes, I usually do the same, but I sent this one twice, over 12 hours ago, and still no reply. When I had problems signing in at the weekend, the thought went through my mind that someone had got into my account, so this particular spoof coincided with that, and made me think it might be real. I NEVER click on links, I did go the the site and sign on securely, and checked that all my personal information was correct.
posted on August 3, 2004 08:23:45 AM new
"Thank you for your attention on this matter" Should be "to this this matter". I get these spoofs all the time. Even got one with my e-mail address this weekend. Essentially they all say the same thing using very poor syntax.
buyhigh
EXCEPT that instead of using a reference that looks like "My marcs-garage auctions",
they use one that looks like a genuine URL ( "http://signin.ebay.com" ). What it really points to is their server, all set up and ready to capture your password.
Any questions?
--
[ edited by iareateacher on Aug 3, 2004 09:14 AM ]
posted on August 3, 2004 03:37:05 PM new
This is the first response I received from Ebay about 3 minutes after I forwarded the above to [email protected] :
Thank you for contacting us about a potential fraudulent (spoof) email
or Web site. We will investigate this situation immediately and inform
you of the results in a separate email. If you are reporting an email or
a Web site that is asking for personal financial information, it is best
to assume it is fake until you receive a response from us.
In order to reply as quickly as possible, we are sending you an
automated response about the following topics:
1. IDENTIFYING FAKE EMAILS AND WEB SITES
2. USING EBAY TOOLBAR WITH ACCOUNT GUARD
3. PROTECTING YOUR ACCOUNT AND INTERNET SECURITY
Please submit other questions or concerns through our Contact Us System,
which can be accessed by clicking on the "help" button on the top of any
eBay page. This allows us to dedicate our resources appropriately.
1. IDENTIFYING FAKE EMAILS AND WEB SITES
The best defense against fake emails and Web sites is learning how to
spot them. You can learn more about fake emails and Web sites through
our Spoof Tutorial at the following Web page:
http://pages.ebay.com/education/spooftutorial/
2. USING EBAY TOOLBAR WITH ACCOUNT GUARD
One of the best tools to protect yourself from fraudulent (spoof) Web
sites is eBay Toolbar with Account Guard. The Account Guard feature
indicates when you are on an eBay or PayPal Web site and warns you if
you are on a known spoof site. To learn more about eBay Toolbar with
Account Guard open a new browser and type www.ebay.com/ebay_toolbar into
the address bar.
3. PROTECTING YOUR ACCOUNT AND INTERNET SECURITY
We recommend that you keep your browser, operating system, and virus
protection software up to date. Check for updates at the "Windows
Update" link on www.microsoft.com and scan your computer for viruses
often.
If you think your personal information has been compromised in any way,
you should take immediate steps to change your eBay, PayPal, and email
passwords. You should also contact your bank to see if there has been
any suspicious activity on your account. You can find more information
about protecting your identity at the following help page:
posted on August 3, 2004 04:08:35 PM new
Hi Lucy. Welcome back. I was reading your wedding thread, and it looks like you had quite a time.
Here's a copy of the second email I received from Ebay. This is probably old hat to most of the posters on this board, but there may be a few newcomers or regulars who havn't received a spoof yet, and they may find it helpful. This is the typical series of responses you will get when you forward a suspicious email to [email protected]. Please note that Ebay mentions more than once they will never ask for sensitive information in an email:
Hello,
Thank you for writing to eBay regarding the email message you received
that appeared to be from eBay.
I have reviewed your account and do not see any active suspensions on
your account. I can assure you that your account is not suspended or on
hold. If you are experiencing problems signing in, we may be able to
provide additional assistance to pinpoint the problem. In most cases,
you can request a new password for your account to regain access to it.
In addition, you can contact us by clicking on the help link at the top
of all eBay pages and selecting the "contact us" link.
If you are not writing from the email address of the eBay account in
question, please provide us with the User ID of that account to help us
resolve your sign-in issues.
If you received an email message stating your account was suspended, it
is most likely a fake email. We advise you to be very cautious of email
messages that ask you to submit information such as your credit card
number or your email password. eBay will never ask you for sensitive
personal information such as passwords, bank account or credit card
numbers, Personal Identification Numbers (PINs), or Social Security
Numbers in an email.
Since you have received a spoofed email, your email address has most
likely been collected by a fraudulent source. As a result, you may
continue to receive spoofed emails for some time as these groups move
from Website to Website setting up fraudulent email addresses, fake
eBay Web pages and sending fraudulent emails.
We are committed to the security of the eBay site and our members. We
review every report we receive and forward all vital information to the
appropriate authorities for further action and tracking. We work
actively and aggressively in partnership with many agencies, ISP's and
law enforcement groups to support their investigation of these
fraudulent entities. As a public company, we rely on the same agencies
you do to pursue these fraudulent activities.
If you have any doubt about whether an email message is from eBay,
please forward it immediately to [email protected]. Do not respond to it or
click on any of the links in the email message. Please do not change the
subject line or edit the email in any way when you forward it to eBay.
If you have already entered sensitive information as mentioned above,
you should take immediate action to protect your identity and online
accounts. We have developed an eBay help page with valuable information
regarding the steps you should take to protect yourself.
We have enacted several preventative measures and increased information
on the eBay help pages to help educate our members to spot fake emails.
We would also encourage you to take this opportunity to learn more about
spoof emails. To access our Security Center please see the following Web
page:
http://pages.ebay.com/securitycenter/index.html
Once again, thank you for alerting us to the spoofed email you received.
Your efforts help us ensure that eBay remains a safe and vibrant online
marketplace.
Regards,
Ian
eBay SafeHarbor
Investigations Team
______________________________
eBay
Your Personal Trading Community (tm)
*******************************************
Important: eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account numbers, Social
Security numbers, etc.) in an email. Learn more account protection tips
at:
In order to better serve you, we'd like to occasionally
request feedback on our service. If you would rather
not participate, please click on the link below and send
us an email with the word "REMOVE" in the subject line.
If that does not work, please send an email to the
email address below. Your request will be processed
within 5 days.
You are a riot!!! Or, is that ralphie misbehaving?
etexbill
LOL!!!!!!!!
Cheryl
. . .if you still try to defend the infamies and horrors perpetrated by that Antichrist- I really believe he is Antichrist- I will have nothing more to do with you and you are no longer my friend.. . - War and Peace, Tolstoy
posted on August 3, 2004 06:21:42 PM new
Reply to Japerton. Sorry for the delay. As to the email with 'I paid you' in the subject line. My friend opened the email at his msn account, there was nothing in the body so he deleted it. His first clue that something was amiss was his printer not working. His 'spool' was missing. He tried running his Norton and it had errors. It was all downhill from there. He suspects it was a trojan. He ran his restore disk, which re-formats the harddrive.
He has now changed his eBay email address and ANYTHING referencing eBay now gets deleted on his MSN address.
Amber, I recommend you change your password for eBay just as a precaution.
