posted on July 8, 2006 02:56:00 PM
I wonder how the heck he got my email address? He has the right auction number and title. It looks like a standard Ask seller a Question email but this email was not sent from ebay and the buyer is NRU. The reply link is to:
----- Original Message -----
From: eBay Member: bestcustomer92
To: [email protected]
Sent: Saturday, July 08, 2006 4:41 PM
Subject: Question for item #2600xxxxx - Vintage Vase
eBay sent thi s m essage to cxxxxx.
Your registered n ame is in clu de d t o show this message or igi nate d f rom eBay. Learn more.
Question about It em -- Respo nd Now
eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages.
Question from bestcustomer92
Item: Vintage Vase xxxxxxx (2600xxxxxxxx)
This mess age was sent while the lis ting was active.
bestcustomer92 is a potential buyer.
Hi, I would like to know if is possible to ship to New Jersey? I am very interested so I'll wait a response. Have a nice day
Respond to this question in My Messages. >click here< fake login.
Edited to remove personal info
[ edited by LtRay on Jul 8, 2006 02:58 PM ]
posted on July 8, 2006 03:31:33 PM
This is the point I was trying to make in Pixiamom's TKO thread. This jerk is in Korea, but he registered a buyers account just recently showing it as New Jersey, solely for the purpose gaining access to the Ebay messaging function. Ebay apparently caught on early enough to NARU him, but someone has figured out how to hack the messaging system and send authentic looking spoofs, and he is probably sending out scores of them daily, even though the account is invalid. Wanna take a guess where your reply would have ended up if you had bit?
If Murphy's law is correct, everything East of the San Andreas Fault will slide into the Atlantic
posted on July 8, 2006 06:40:57 PM
Sparkz, the way I read it, the spoof was in LtRay's email, not in eBay's messaging system. I haven't heard of anyone hacking it yet, but I'm sure it's only a matter of time...
posted on July 8, 2006 07:02:50 PM
I know it's an ASAQ email, but it came through Ebay's system,("eBay sent thi s m essage to cxxxxx.
Your registered n ame is in clu de d t o show this message or igi nate d f rom eBay" so there may be a copy in her messages also. They don't need her Email address. That is supplied by Ebay when it is sent by them. One other scenario, and much more logical, is that this person really is in N.J.(or somewhere in the U.S.) and is redirecting it through a Korean site, possibly Ebay Korea itself.
If Murphy's law is correct, everything East of the San Andreas Fault will slide into the Atlantic
posted on July 8, 2006 07:53:56 PM
OMG, got the same email, signed in & ANSWERED IT. This one fooled me completely because it had the right auction number & item.
LtRay am I ever glad you posted this.
Here I'm thinking how stupid can a bidder be, do I ship to NJ.
Looks like I was the stupid one.
I see lots of mistakes now that I am reading the entire email.
So what do I do now, change my PW.
Subj: Question for item #290003133792 - Frog On A Mushroom Rubber Stamp Stamps Scrapbooking NEW
Date: 7/8/2006 3:29:08 AM Eastern Standard Time
From: [email protected] (eBay Member: bestcustomer92)
To: [email protected]
eBay sen t this messag e t o mcjane.
Your register ed name is included to sho w this mess age o rig inat ed from eBay. Learn more.
Question abo ut Item - - R espond Now
eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages.
Question from bestcustomer92
Item: Frog On A Mushroom Rubber Stamp Stamps Scrapbooking NEW (290003133792)
This message was sent whi le the l ist ing was active.
bestcustomer92 is a potential buyer.
Hi, I would like to know if is possible to ship to New Jersey? I am very interested so I'll wait a response. Have a nice day
Respond to this question in My Messages.
Item Details
Item name: Frog On A Mushroom Rubber Stamp Stamps Scrapbooking NEW
Item number: 290003133792
Always remember tocomplete your tra nsa ctions
on eBay - it's th e s a fer way to
trade.
Is thi s m essage an offer to buy
your item directly throu gh email
without winning t he item on
eBay? If so, please h elp make
the eBay marketpla ce safer by
reporting it to us. These "outside of eBay"transactions m ay be unsafe and
are against eBay policy. Learn more about trading safely.
Is this email inapp rop riate?
Does it violate eBay policy?Help pr ote ct the community by
reporting it.
Learn how you can protect yourself from spoof (fake) emails at:
http://pages.ebay.com/education/spooftutorial
This eBay notice was se nt to mcjane3 02@ wmconnect.com on behalf of another eBay member th rou gh the eBay pla tform and in
accordan ce with our Privacy Pol icy. If yo u w ould like to receive this email in text for mat, change your notification preferences.
See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.
Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: http://pages.ebay.com/help/policies/user-agreement.html
posted on July 8, 2006 08:38:59 PM
If you got to your password i time to change it, you should be o.k. If you were using your old PW on other sites, change it there as well, especially Paypal. Also, I'm assuming you have an up to date anti virus program running on your computer? If so, I would do a full scan now.
If Murphy's law is correct, everything East of the San Andreas Fault will slide into the Atlantic
posted on July 8, 2006 09:54:36 PMsparkz
At one time my PW was the same everywhere including PayPal. I changed PayPal because I read somewhere, probably here, it should be different than your eBay address.
My eBay PW was changed a few months ago because all of a sudden when I tried to log in, after having the same PW for 6 years, it said invalid. I have no idea what happened & had a hell of a time getting it straightened out.
It's a good thing now because eBay was the only site with the PW I used today to answer that email
I answered that email around noon & it was about 11 hours later I saw LtRay's post & changed my PW
What could they possibly do with someone's eBay PW ? & why do I need to do a virus scan.
posted on July 8, 2006 10:07:43 PM
Sparkz, it came directly to my email, not through the ebay system. There was no message posted in my ebay message file. I'm beginning to believe that some one has hacked ebay.
That is why I questioned how they could get my email address. If it had come through ebay it would have been obvious, but coming directly to me and by-passing ebay, you have to wonder how they are getting seller's email addresses?
McJane, don't feel bad. My first thought was the same as yours. How dumb can the buyer be to not know I ship to NJ?
This is why I NEVER click on links in emails. I also do not show my email address in replies through eBay unless the buyer has an active and recent buying history. There are just too darn many stolen accounts on ebay right now.
Do as Sparkz suggests and make sure you have changed your passwords on any on-line accounts that you use the same password on.
Another security measure I have used for ages is that I have different passwords for secure and unsecured web accounts.
For accounts which may contain financial info I use a complicated 8 character password. I use another simpler password for other sites.
example, password type 1 is used for banking, credit cards, paypal, etc.
Password type 2 is used for yahoo, boards, silly stuff.
I keep a yahoo account just for communicating with people that I don't necessarily want to know my personal email address.
posted on July 8, 2006 10:26:23 PM
McJane...Tomorrow, you will probably get a lot of personal accounts from Vendio posters who can tell you first hand the misery a person can cause when he hijacks your account. As for a virus scan, it doesn't take 15 seconds for a person to include a trojan in a spoof such as this. Most likely the fake sign-in page you opened was infected. If you wound up with a key logging trojan on your hard drive, he will be able to see every password you type on that computer. Scan your hard drive BEFORE you change any passwords. Otherwise, if you are infected, he will see any new password you create before you even have a chance to use it.
If Murphy's law is correct, everything East of the San Andreas Fault will slide into the Atlantic
posted on July 8, 2006 10:35:29 PM
LtRay,
I don't click on these type of emails either.
Got one a few days ago that said something like "I sent money, where is my item" I knew right away it was a scam, but this one had the name of the item & auction number even a link to my auction. I clicked on the link, checked the auction to double check my postage amount & then hit reply, gave my user ID & PW & answered it saying yes, I ship to NJ the postage to NJ, USA was 1.20
All I was thinking about was it was such an unusual or stupid question I would give the postage amount & mention USA in case there was a NJ in Russia or somewhere.
Not for a second did it occur to me it was a scam.
I am so suprized I don't know if I was just plain stupid or if the sender was just plain good.
Again, thanks for posting. I never would have known if not fot that.
I still have no idea what can be gained by knowing my eBay PW unless someone wanted to screw up my auction.
[ edited by mcjane on Jul 8, 2006 10:37 PM ]
One way to get your email address is to buy something from you. Or, more likely, they got you to respond to a message outside of My Messages.
It could be a two-pronged attack. The first message is an innocuous one that you respond to. They get your eBay id, your email, and the smug knowledge that you do respond to such emails. The second message, sent utilizing the information gained in the first, contains a link you really should not click on.
I like it. It's evil.
What I really like better, though, is Jay and Marie's (apparent) policy on answering email. They never do it.
posted on July 8, 2006 11:21:58 PMfluff Oh I had what Jay & Marie have & could sell like them, maybe I wouldn't answer emails either, but I HAVE to answer them.
eBay has that ask a seller & everyone uses it.
I've gotten quite a few eBay emails that I knew were fake, never answered them. I knew by the question, it was always vague. This is the only one that fooled me, it seemed so legit, link to my auction, etc. Have to admit the question was stupid, but there are a lot of, lets say, uninformed newbys out there & I thought this was one of them. My thought was I hope they do not bid on my auction because I figured I would go through hell trying to talk them through the process.
As for spam, I never answer, don't even read it. I do answer questions about what I'm selling & it seems all my buyers use eBay, ask seller. So, what an I to do, I have no idea & I'm scared to death.
posted on July 9, 2006 02:58:05 AM
McJane, I responded to an ASQ email, logged in, got my account hijacked. They used my eBay password to list an SUV under my good name. They also infected my computer from the link I clicked with a very nasty virus. Since then, I refuse to answer any emails, I only answer through eBay's messaging system.
posted on July 9, 2006 04:46:41 AM
Can someone tell me if it's safe to use the clickable question on the eBay toolbar popup? I have been using that, but maybe I shouldn't be.
posted on July 9, 2006 06:25:26 AM
You are blaming eBay because you answer emails outside of eBay?
How about you only answer emails once logged in and looking at your "my messages" that way you wouldn't need to click on any link because you would know that you had already logged in.
That is the whole purpose behind ASQ to keep it somewhat safe. You can even check the box that says keep my email address hidden.
Mcjane if they did away with ASQ and then a bidder bids and then doesn't like something, first thing we will start hearing "why didn't you ask first?"
It is a double edged sword if you are careless.
posted on July 9, 2006 01:14:12 PMpixia & Washington
What I am doing is clicking on the link in the email that eBay sends, or it looks like eBay sends, meaning I am clicking on directly from the email.
Are you saying I should go to eBay & sign in to view any ASQ & answer from my messages & not do it through email.
I've never done it that way, always went through email, but will now if that is the fool proof way.
I mentioned earlier that I had the same PW for years & a few months ago eBay made me change it, saying something like my PW was compromised. I had no idea what they meant & had a hard time changing it, in fact after three days of trying I went to live help & they fixed it in minutes & I was able to get back on. I'm wondering if I did the same dumb thing before & never knew it.
Caught it this time only because of LtRay's post.
So far everything looks OK, but I am still worried. Do not want to go through what pixia went through. I feel for you.
I have xoftspy & have scanned my computer, but have no idea what I am looking at & don't know if I have/had the trojan virus or not.
When it comes to the technical aspect of computers I am completely in the dark. I needed this wake up call.
This is my first experience of actually knowing I made a huge mistake.
posted on July 9, 2006 01:23:36 PM
My sister only answers ASQ via email but she never hits the yellow Respond button and never clicks on any links. I don't have that kind of discipline so I only answer ASQ through My Messages in eBay. I even have an autoreply on my email telling eBayers they will be ignored unless they send through eBay's messaging. An extra step for some but I never want to go through the hacker/virus thing again.
posted on July 9, 2006 01:31:50 PM
I never saw the ad, eBay spotted it, pulled it locked out my ID until I contacted them. I think it was within a week of me giving away my password. EBay was very good about making things whole, crediting me the fees, etc.
I assume the hacker was planning on instructing people to send payment to a P.O. Box and I'm sure there wasn't an SUV they were intending to ship. Buyers seeing a high feedback number without many negatives could be stupid enough to send the money (especially if they thought they were getting a super deal).
posted on July 9, 2006 01:49:10 PM
Yes mcjane that is what I am saying, go to ebay first log in and check your messages. If I see I have an email from ebay, I go and log in and read it from "my messages". Does it make it more complex for you? yes unfortunately but then again you will be logged in legit so no need to click any log in link.
posted on July 9, 2006 07:42:47 PM
Right Washington, not as easy as answering email, but after yesterday you can bet I'll do it, go to eBay. I thought that was what you meant. The crooks are getting better all the time, was 100% fooled.
pixia that makes sense, guess they could collect selling on your account.
posted on July 9, 2006 07:58:55 PM
McJane...Just thought I'd mention that your spyware program, while good at detecting spyware, adware, etc. is not an antivirus program, and scanning with it will not detect a virus, worm or trojan. You need a dedicated antivirus program for that. There are several excellent ones out there, and a couple are free. You can also go to Trendmicro.com and use their free online scan service. It'll probably make you feel a little better to know that your ISP has AOL administer their email system for them. As such, all of your emails through them will have been scanned for viruses before you receive them. There's very little danger of you receiving an infected email or attachment. The links inside the emails are the dangerous things. There's no telling where they go. I've made a practice of never clicking on a link in any email.
If Murphy's law is correct, everything East of the San Andreas Fault will slide into the Atlantic
posted on July 9, 2006 08:35:56 PM
McJane - I got burned out trying to juggle between my email account AND my ebay messages - so I decided to just use one or the other. I settled on my email account because it's much easier to use than ebay's (I can even use HTML and quotes!!). I have as one of my FAQ that I will not answer ASQ's with hidden addresses...so I NEVER use the yellow button or sign in to ebay through email..works well for me.
-------------------------------------
posted on July 15, 2006 03:10:16 PM
Late to this thread but...
I got an email similiar to the one posted here but the one I got said they had won my auction and to let them know how to pay or something in that vain. Since I haven't sold anything in years I was like huh? I cut and pasted the ID and did a search. Finally the name came up in Ebay Germany and this person had sold the item he/she wrote me about. It was really strange and confusing. I immediately deleted the e-mail.
so there may be a copy in her messages also. They don't need her Email address. That is supplied by Ebay when it is sent by them. One other scenario, and much more logical, is that this person really is in N.J.(or somewhere in the U.S.) and is redirecting it through a Korean site, possibly Ebay Korea itself.
