posted on August 7, 2004 07:07:44 AM new
Very strange. I tried to log into my email that I use for ebay this morning , entered my password etc and it asked the security questions etc. I thought kind of weird. Until I received the email listed below. I have already sent it with headers to [email protected]. We will see what happens. don't worry, I have already changed my password on ebay.
-------------------------------------------
X-Apparently-To: My email address via 206.190.39.180; Thu, 05 Aug 2004 16:14:35 -0700
X-YahooFilteredBulk: 81.244.38.116
X-Originating-IP: [81.244.38.116]
Return-Path: <[email protected]>
Received: from 81.244.38.116 (EHLO localhost.localdomain) (81.244.38.116) by mta377.mail.scd.yahoo.com with SMTP; Thu, 05 Aug 2004 16:14:35 -0700
Received: (from root@localhost) by localhost.localdomain (8.11.6/8.11.6) id i75NYF514937; Fri, 6 Aug 2004 01:34:15 +0200
Date: Fri, 6 Aug 2004 01:34:15 +0200
Message-Id: <[email protected]>
From: [email protected] Add to Address Book
Reply-to: [email protected]
Subject: Account Pre-Suspension Critical Notice
To: My email address Content-type: text/html
Content-Length: 1400
Account Pre-Suspension Notice
Dear my ebay ID (My email address),
You have received this email because we have strong reason to believe that your eBay account had been recently compromised used by a third party without your authorization. In order to prevent any fraudulent activity from occurring we are required to open an investigation into this matter. To speed up this process, you are required to verify your eBay infos by following the link below.
http://signin.ebay.com/eBayISAPI.dll?Signln&UserID=My ebay ID
(To complete the verification process you must fill in all the required fields)
Please Note - If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your eBay account has not been fraudulently used and to combat fraud.
We appreciate your support and understanding, as we work together to keep eBay a safe place to trade.
Thank you for your patience and attention in this important matter.
Regards,
Naomi,
Fraud Prevention Group
Do not respond to this e-mail, as your reply will not be received.
Copyright 2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc. is located at Hamilton Avenue, San Jose, CA 95125
posted on August 7, 2004 08:03:29 AM new
Obvious phish, so don't be a fish!
“Our enemies are innovative and resourceful, and so are we! They never stop thinking about new ways to harm our country and our people, and neither do we.” ~ GWBush White House 8/5/4
posted on August 7, 2004 08:05:10 AM new
"...to verify your eBay infos by following the link ..." so we can clean out yer checking account & build out new hut in Taipai!
“Our enemies are innovative and resourceful, and so are we! They never stop thinking about new ways to harm our country and our people, and neither do we.” ~ GWBush White House 8/5/4
posted on August 7, 2004 08:30:28 AM new
That is the exact email I got about a week ago, and wrote about on this forum. I too had had problems logging into my account, and thought it was genuine. I sent it to [email protected] twice, and have never received a reply. I changed my password, and have had no problems since. eBay have always replied quickly when I wrote about a possible spoof in the past, and I have never had problems logging in for the 5 years before this. It makes me wonder what is going on.
posted on August 7, 2004 08:36:29 AM new
IF YOU CLICK ON THE LINK, you can end up with a KEYSTROKE LOGGING TROJAN even without entering info, so...
DONNA CLICK LINKS!
“Our enemies are innovative and resourceful, and so are we! They never stop thinking about new ways to harm our country and our people, and neither do we.” ~ GWBush White House 8/5/4
posted on August 7, 2004 09:59:39 AM new
If using webmail, just put the pointer over the link in the email and look at the status bar at the bottom of the screen. It is usually something different than the link. (If you don't have a status bar, it is under the 'view' menu)
posted on August 7, 2004 10:05:41 AM new
I think what Fluffy was trying to say, while wearing her IAT mask was that if you mouse over the link you can see that it's not legit.
It saves trying to second guess ESL diction and syntax!
The link may "look" like the legit sign in, but the html composing it is easily changable.
For example
<a href="http:://www.google.com/search?q=Ebay">http://
signin.ebay.com/eBayISAPI.dll?Signln&UserID=
My ebay ID
</a>
posted on August 9, 2004 05:34:28 AM new
I have had a thought concerning this particular spoof, if both Polama91 and I had problems logging in before we got the email, I am wondering if someone tried logging in using our user ID, and then tried several different password attempts before sending the email. It seems too much of a coincidence that 2 of us got the email after having problems logging in. It takes you off guard because you are already thinking that you have a problem.
posted on August 9, 2004 05:56:12 AM new
OOOOh, This is so scarey. Right after recieving that email, I did change my passwords on ebay and my email. Thanks everyone. I am very glad we can share info here. I think it's helpful for all of us.
posted on August 9, 2004 08:20:53 AM new
I am a little confused..did you have trouble logging into your EMAIL account (that's how I read your OP - I tried to log into my email that I use for ebay this morning ) or your EBAY account? Where did you receive the security prompts?
If it was your email account, I don't see how changing your ebay password would help. It looks like it was your email account that was compromised and not your ebay acct???
**********************************
Sig files are too much trouble! http://stores.ebay.com/Moody-Mommys-Marvelous-Postcards
posted on August 9, 2004 11:09:10 AM new
I got the security prompts when trying to access my email. When I did open it, I found the email listed in the first post above. I was still able to access my ebay account which I immediately changed the password
posted on August 9, 2004 01:47:39 PM new
Oranges and kumquats.
Orange: The security alert on your free yahoo email account.
Kumquat: The typical phish email you received that we all get, just about every stinkin' day.
The one has NOTHING to do with the other.
Except that yahoo is probably selling their email lists to spammers, just like AOL does. If not, the spammers are just running dictionary attacks to get the addresses.
I'd explain what a dictionary attack is but I'm sure y'all have stopped reading way before now.
posted on August 9, 2004 01:58:53 PM new
Oh, screw it. I'll explain it anyway.
A dictionary attack is so called because historically spammers have used very large text files full of single words to generate email addresses. Such dictionary files are readily available; you don't have to compile one yourself.
Today's more sophisticated dictionary attack involves a little (not a lot) of programming.
Recall that what computers do best is a mind-boggling of operations in a very short time...and CPU power is dirt cheap these days.
You get the drift? You end up with billions of addresses but the computer doesn't care. It attaches each one to your spam and shoves it out on the network...over and over and over.
If you're still awake at this point, you're wondering, "Isn't it kind of obvious from the very high traffic volume where this stuff is coming from?"
You get a gold star! Yes, it is really obvious, and this aspect of spamming has prompted some really crude anti-spamming measures.
One ISP that I know intimately will stop forwarding your email if you send more than 6 emails in a minute. (Yeah, unfortunately that also blocks legitimate emails like professional mailing lists and automated EOAs from eBay sellers who have a lot of auctions.)
There is much more to this subject, but if you have gotten this far without dozing off because it doesn't contain any anti-Bush snipes or cute pictures of animals, you now know more about spam than 99% of the Vendio Community.
That's all for now, and remember kids, the person you are tempted to mock today may be the one who has the answer you seek tomorrow. A whole bunch of you funseekers have been remarkably short-sighted in that regard.
Sayonara.
--
(edited for clarity)
[ edited by iareateacher on Aug 9, 2004 02:12 PM ]
