Options
Warning - Ebay fraud alert
Barry
Posts: 10,100 ✭✭✭
Just got this email:
Dear eBay user,
As stated in the User Agreement, Section 5.1, we may request you to change you password. Because of security reasons and for your saftey, please understand the situation and be so kind to change your password. Please acces the following link to change your password : http://cgi5.ebay.com/aw-cgi/eBayISAPI.dll?RegisterShow
We thank you for your cooperation.
Respectfully,
Customer Support (Trust and Safety Department)eBay Inc
The link which looks like Ebay is actually a hyperlink which takes you http://www.psend.com/users/a28/index.php
Don't respond to it!
Dear eBay user,
As stated in the User Agreement, Section 5.1, we may request you to change you password. Because of security reasons and for your saftey, please understand the situation and be so kind to change your password. Please acces the following link to change your password : http://cgi5.ebay.com/aw-cgi/eBayISAPI.dll?RegisterShow
We thank you for your cooperation.
Respectfully,
Customer Support (Trust and Safety Department)eBay Inc
The link which looks like Ebay is actually a hyperlink which takes you http://www.psend.com/users/a28/index.php
Don't respond to it!
0
Comments
I am not sure how, but this spoof character seems to be pretty good at shutting these places down.
Russ, NCNE
Thanks for the heads-up! A few weeks ago, I got suckered into responding to what I thought was a legitimate email from ebay asking me to open the link, which of course, looked like the real thing when I did it (ie: opening page; whereas, my screen name was there and I typed in my password). It was to enter a contest for a GMC Jeep Jimmy. When I did what I usually do when I sign in regularly, it gave me a 9 digit key number as my entry number. Leary by this time, I phoned my brother-in-law. He phoned several other ebay pros and they all said that "Regardless of what the circumstances my seem to appear to be, EBAY WILL NEVER ASK YOU FOR ANYTHING germane to your screen name or password. I immediately changed my password. To put it simply...THE SCAMMERS ARE GETTING SMARTER!
You can't get much past the people around here.
John Marnard Keynes, The Economic Consequences of the Peace, 1920, page 235ff
Seems that the site you're redirected to has already been shut down.
Whenever I get an email like that, I look at the headers, to see where it came from, and also look at the text in raw mode. It showed the html redirect from what looks like an ebay site.
Russ, I hope you're kidding.
<< <i>Russ, I hope you're kidding. >>
Russ never kids.
Good catch!
I just got another one of those today!
Larry
Dabigkahuna
Barney
Richard
MS Buffalo
MS 1951
<< <i>There are a tremendous number of ebay and other vendor frauds. I receive about two a week. My policy is to never click on a link provided in an email unless I personally know the sender and are expecting the message (sort of like how to handle email attachments). The odds are high that a link in an email message is a fraud. Typically, I click on "blah blah" (Eudora) to display full mail headers and forward the message to abuse@ebay.com or wherever. Then if I think there may be something I need to take care of, I go to the web site in my usual manner that I know is reasonably secure. If ebay wants to tell me something or to change something, they'll do it when I log in.
Richard >>
Good policy indeed, got my first ever eBay scam e-mail today. Said to "verify identity" I needed to complete form and click send. This was asking for EVERYTHING including password, credit card and checking info, etc. Very official looking with headers and working links etc. Forwarded it to spoof@ebay.com and got a response VERY fast saying it did NOT originate from eBay. Funny thing is, I had just changed and confirmed a new e-mail address w/eBay two or three days ago. Scam mail came to old (but still active) e-mail address. BEWARE!
Joe
Wheat's Walkers #1 current late date set
Ebay will never send you an e-mail requesting that type of info.
<< <i>Crap! That one's not real? It sure looked real. I'm screwed.
Russ, NCNE >>
Russ I made that mistake once and I lost over $1000.00 out of my personal checking account a week later! I never recovered it! This goes on all of the time unfortunately!
Wheats Walkers # 1current late date set
1. Do not follow a link in an email that asks for security or personal information. Instead, go to the institutions web site directly. If the email is genuine there will probably be some indication on the web site. If not, call a known 800 number to find out.
2. Don't rely on an 800 number you see in an email. I know of cases of crooks setting up bogus 800 numbers that are answered as if they were XYZ Bank. And then the agent asks you for personal information.
3. Don't EVER give any bank employee (or supposed employee) your PIN for any reason. If someone asks for it either they do not really work for the bank or you should change banks --- most reputable banks will NEVER ask you for your PIN. They may ask for other personal information which you should only give if you have some reason to KNOW you are talking to a Bank employee. If in doubt (for example, if they called you), hang up and call the 800 number on your ATM or credit card. As an example, my employer the PIN is not readable by ANYONE. It is encrypted using a one-way algorithm, so the only way to verify is to encrypt what the customer enters (usually done in hardware at the ATM or terminal) and then compare with what is stored. Point is that the only thing a bank employee (or a fake employee) can do with you rPIN is defraud you!
4. Along with the more obvious---don't write you PIN on the back of your ATM card (you'd be amazed how many customers do this).
5. Treat your account number and PIN confidentially---it is really easy to make a card and the equipment costs only a few hundred dollars. And in some cases, your PIN is also an INternet Banking password (not a very good idea). We've been encouraging customers to use a user name/password that are different than their account number and PIN for a few years now, and, pretty soon, we will force customers to quit using their ATM PIN on our home banking site. If possiuble, ALWAYS use a home banking password that is separate from your PIN.
6. I am told that eBay crooks are harvesting email addresses from users that use simply their email address as a user name---I thought that would be convenient at the time, but now I regret it. I suppose I'll change my eBay id sometime soon, but the damage is already done, I suspect, as any number of crooks have already harvested my email address.Out of curiosity, does anyone with an eBay ID that is NOT your email address get these scam mails yet?
Sorry to be so long winded, but if it saves one person from falling into any of these traps, it was worth the space.
Pete
(By the way: I actually got a legitimate email from Paypal today, along with another that is not legitimate).
"Exactly."