[OT] Email from eBay -- This one was real!
flaminio
Posts: 5,664 ✭✭✭
Got an email from eBay asking me to change my password. Ho, hum -- another phish. I get dozens of these per day, but most get caught by my spam filter. As I'm looking at it, something looks weird. There are no links to click. Here's the email:
<< <i>It appears the password for your eBay account may have recently become compromised. As a result of this, we have reset your password and secret question.
To regain control of your account, please complete the following:
1. Change the password on your personal EMAIL account to verify that it is secure and cannot be accessed by anyone other than you.
2. Change the password on your eBay account. To do so, click the "Forgot your password" link on the eBay sign-in page and change your password using the instructions provided.
3. Follow the steps below to secure your account:
> Click on the "Security & Resolution Center" link found at the bottom of most eBay pages.
> Click on the "eBay Account Protection" link in the "Online Security Resources" box. This will take you to the help page titled "Securing Your Account and Reporting Account Theft."
> Follow the instructions provided under "Securing Your Account".
As you take these steps, please be aware that you may need to repeat the instructions provided above or use the "Back" button on your Web browser to return to the "Securing Your Account" page. >>
I opened a new browser, went to ebay.com, typed in my password, and sure enough, it didn't work. I ran the email through spamcop, and it reported that the email had indeed originated at ebay.com. It's either legit, or the best phish ever.
So, I followed the steps and changed my password (which I was due for anyway), which got me back into my account. I looked over all my information, and everything looks intact. Let's hope it all works out.
<< <i>It appears the password for your eBay account may have recently become compromised. As a result of this, we have reset your password and secret question.
To regain control of your account, please complete the following:
1. Change the password on your personal EMAIL account to verify that it is secure and cannot be accessed by anyone other than you.
2. Change the password on your eBay account. To do so, click the "Forgot your password" link on the eBay sign-in page and change your password using the instructions provided.
3. Follow the steps below to secure your account:
> Click on the "Security & Resolution Center" link found at the bottom of most eBay pages.
> Click on the "eBay Account Protection" link in the "Online Security Resources" box. This will take you to the help page titled "Securing Your Account and Reporting Account Theft."
> Follow the instructions provided under "Securing Your Account".
As you take these steps, please be aware that you may need to repeat the instructions provided above or use the "Back" button on your Web browser to return to the "Securing Your Account" page. >>
I opened a new browser, went to ebay.com, typed in my password, and sure enough, it didn't work. I ran the email through spamcop, and it reported that the email had indeed originated at ebay.com. It's either legit, or the best phish ever.
So, I followed the steps and changed my password (which I was due for anyway), which got me back into my account. I looked over all my information, and everything looks intact. Let's hope it all works out.
0
Comments
I use windows type-ahead, so I never actually enter my password.
Bingo! There is your problem. eBay wasn't comprimised, your computer was!
Whenever you use "auto-fill" windows stores a hash file of the password using very poor encryption in a folder in the application data hidden folder in your profile. I would immediately go to another computer and change my passwords on EVERYTHING that I had autofill on. Then, you should disconnect your PC from the internet and run an antivirus program. This should turn up a program similar to jacktheripper.exe which is a very common program used to de-hash the encrypted password files.
I'm guessing you have some sort of messenger service on your PC. If so then immediately uninstall it. Even with a firewall, messenger programs are huge holes in your computer's system. Yahoo, AOL, even Windows Messenger are frequently used to hack into your system by hackers looking for something like passwords. You should also go into your "Services" folder and turn off any services that use messenger or services that you do not need such as remote logon or remote registry and even messenger service.
I hope you can get this cleaned up. I'd call eBay to verify after I had my password changed.
If I only had a dollar for every VAM I have...err...nevermind...I do!!
My "Fun With 21D" Die State Collection - QX5 Pics Attached
-----
Proud Owner of
2 –DAMMIT BOY!!! ® Awards
<< <i>I'm guessing you have some sort of messenger service on your PC. >>
Yep. Behind teenage kids in the household, these are the second most dangerous things on a computer.
Russ, NCNE
<< <i>How do you disable this windows type-ahead feature? >>
In your browser window click Tools --> Internet Options --> Content --> Auto Complete
Then uncheck Usernames and Passwords and click the clear passwords button below.
It's generally recommended that one changes passwords every three months, and it'd certainly been longer than three months since I changed my eBay password, so the email was welcomed in that respect.
<< <i>Good suggestions, but I don't have autocomplete for passwords. I do run MSN Messenger (but not the Windows Messenger Service), but I don't see how that can snark a password (and have no teenagers in my house (yet)).
It's generally recommended that one changes passwords every three months, and it'd certainly been longer than three months since I changed my eBay password, so the email was welcomed in that respect. >>
If you have your messenger service turned on in "Services" you have trouble and a huge hole for hackers to stroll right on into your PC via some arbitrary port. You don't actually need a messenger program such as MSN messenger, although that makes it that much easier for hackers to get in, as long as the service is turned on, you have trouble.
<< <i>If you have your messenger service turned on in "Services" you have trouble and a huge hole for hackers to stroll right on into your PC via some arbitrary port. >>
Yes, that's correct. Here's a real easy program to see if yours is on and running, and to disable it. Almost no one in a corporate environment needs this, and absolutely no one in a home environment does.
If there are no changes in the account info, no weird auctions, then there is no way for them to know that your account info was snarfed off your personal PC.
Sounds similar to when the banks get hacked and lose info.
I've been told I tolerate fools poorly...that may explain things if I have a problem with you. Current ebay items - Nothing at the moment
<< <i>
<< <i>Good suggestions, but I don't have autocomplete for passwords. I do run MSN Messenger (but not the Windows Messenger Service), but I don't see how that can snark a password (and have no teenagers in my house (yet)).
It's generally recommended that one changes passwords every three months, and it'd certainly been longer than three months since I changed my eBay password, so the email was welcomed in that respect. >>
If you have your messenger service turned on in "Services" you have trouble and a huge hole for hackers to stroll right on into your PC via some arbitrary port. You don't actually need a messenger program such as MSN messenger, although that makes it that much easier for hackers to get in, as long as the service is turned on, you have trouble. >>
I checked it out - said "not signed in". So I guess it won't be a problem for me?
<< <i>Quick point of interest... why not use the Firefox browser instead? >>
Firefox is da bomb, but it wouldn't solve issues such as these. This stuff is more social engineering and user education than which browser one uses.
Have you tried the Firefox extension site? I think you can d/l phishing extensions...
I had all sorts of irritation from the instant messenger and went to the Hardware Central forum and asked how to get rid of it completely.
This was my answer. It worked for me. I don't NEED ...messenger.
.........................................................................................................
The advice:
"I have removed the program, restarted the computer, prayed, cursed and everything but kicked the damn machine.
Every time I log on to IE, I get a popup from Microsoft telling me I need a new version of messenger and click that off....THEN...
get ANOTHER message that my version needs a security fix.
ALL the windows updates are installed.
XP
NO more messenger icon.
Is there a way to GET RID of all traces of this irritating thing?
--------------------------------------------------------------------------------
Go to Control Panel> Administrative tools> Services> and disable messenger
__________________
Start/Run and enter the command:
RunDLL32 advpack.dll, LaunchINFSection %windir%INFmsmsgs.inf,BLC.Remove
Disabling instant messaging programs is not necessary and will not prevent Messenger service spam. To help protect your computer, you should enable Windows Firewall (or a firewall of your choice) and also make sure that the Messenger service feature in Windows XP is disabled.
To disable the Messenger service feature in Windows XP
You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings might also prevent you from completing this procedure.
Open Services in Administrative Tools.
Double-click Messenger.
In the Services list, double-click Messenger.
In the Startup type list, click Disabled.
Click Stop, and then click OK.
Note
If your computer is part of a corporate network, talk to your system administrator before taking this action.
https://www.civitasgalleries.com
New coins listed monthly!
Josh Moran
CIVITAS Galleries, Ltd.