ebay Security--An interesting reply from their investigations group
CalGold
Posts: 2,608 ✭✭
I received a phishing scam email a week or so ago that purported to come from ebay. The spam said that my account had been canceled and that I should click a link and re-enter my account information. Being aware that there were a lot of phishing scams going on and since I am not an active ebay user--I first went directly to ebay and read their advice about scams. One key point is that any email they send to customers receives a cc to the customer's ebay messages box. If there isn't a copy in your ebay messages box the email did not come from them. The absence of a copy of the scam email in my ebay messages box confirmed to me that it was a scam so I reported it to ebay. I also questioned how a scammer could have obtained my email address from ebay. Today I received the following reply.
<< <i>Thank you for writing to eBay regarding the fraudulent email you have received.
I can assure you that eBay does not sell or rent your information to any third parties in accordance with our user agreement. Your information was not gotten through eBay, however, these messages are make to look like they are from eBay because eBay members are a large population.
Random chance has shown that people that are sent these messages will, more often than not, be eBay members, I can assure you that nonmembers recieved exactly the same types of messages because their information was harvested in the same way and it could not have been gotten from eBay as they have never used eBay. I cannot be certain how these spammers may have gotten your email address as there are many ways.
Often times we do indeed see large chunks of certain ISP's being targeted; AOL, Comcast, Earthlink and MSN to name a few. In general some
of the ways email addresses are obtained are below:
1. Your ISP sells or rents your email address or are illegally obtained in hopes that a large portion of the addresses will be eBay members. We have seen "credit card" update emails sent to members and non-members alike.
2. A spammer accesses an unsecured mail server and obtains all the email addresses sending messages through the server.
3. You visit other websites and enter your email address to enter contests or register.
4. A spammer uses a "spider" to scan the html of any Internet web page, such as eBay, chat rooms, board postings and newsgroups, and collects any data that contains the @ symbol.
Sadly, there are many other ways in which an email address may be obtained. The best thing you can do when you receive spam is report it.
If the email is reported quickly there is more of a chance of finding the entity sending it and stopping them from sending further fraudulent emails.
One option you may consider is obtaining a new email address solely for eBay use. You should save your ISP email account for personal usage and do not use it for registering on websites, entering contests or for downloading. If you do receive spam through the new email address, it can be more easily removed, filtered and ignored.
In addition, we advise you to be very cautious of email messages that ask you to submit information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top the page to access the eBay page you need.
To review eBay's new tutorial about Spoof Emails, please click on the help link located at the top of all eBay page. Once the help window appears, click on the link to eBay's Security Center. From the Security Center you will find a variety of safety related links. On the right hand side you will see a link to "Protect yourself from spoof emails".
Help > Security Center > Protect yourself from spoof emails
For your safety, we are trying to remove all clickable links from official eBay communications. Instead, we are providing the path for you to follow to find the information on our site. This is for your own protection.
Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace. >>
<< <i>Thank you for writing to eBay regarding the fraudulent email you have received.
I can assure you that eBay does not sell or rent your information to any third parties in accordance with our user agreement. Your information was not gotten through eBay, however, these messages are make to look like they are from eBay because eBay members are a large population.
Random chance has shown that people that are sent these messages will, more often than not, be eBay members, I can assure you that nonmembers recieved exactly the same types of messages because their information was harvested in the same way and it could not have been gotten from eBay as they have never used eBay. I cannot be certain how these spammers may have gotten your email address as there are many ways.
Often times we do indeed see large chunks of certain ISP's being targeted; AOL, Comcast, Earthlink and MSN to name a few. In general some
of the ways email addresses are obtained are below:
1. Your ISP sells or rents your email address or are illegally obtained in hopes that a large portion of the addresses will be eBay members. We have seen "credit card" update emails sent to members and non-members alike.
2. A spammer accesses an unsecured mail server and obtains all the email addresses sending messages through the server.
3. You visit other websites and enter your email address to enter contests or register.
4. A spammer uses a "spider" to scan the html of any Internet web page, such as eBay, chat rooms, board postings and newsgroups, and collects any data that contains the @ symbol.
Sadly, there are many other ways in which an email address may be obtained. The best thing you can do when you receive spam is report it.
If the email is reported quickly there is more of a chance of finding the entity sending it and stopping them from sending further fraudulent emails.
One option you may consider is obtaining a new email address solely for eBay use. You should save your ISP email account for personal usage and do not use it for registering on websites, entering contests or for downloading. If you do receive spam through the new email address, it can be more easily removed, filtered and ignored.
In addition, we advise you to be very cautious of email messages that ask you to submit information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top the page to access the eBay page you need.
To review eBay's new tutorial about Spoof Emails, please click on the help link located at the top of all eBay page. Once the help window appears, click on the link to eBay's Security Center. From the Security Center you will find a variety of safety related links. On the right hand side you will see a link to "Protect yourself from spoof emails".
Help > Security Center > Protect yourself from spoof emails
For your safety, we are trying to remove all clickable links from official eBay communications. Instead, we are providing the path for you to follow to find the information on our site. This is for your own protection.
Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace. >>
0
Comments