Uh-oh. Hope I didn't just get phished.

lordmarcovan Posts: 43,893 ✭✭✭✭✭
I just had a question from an eBay member in my email. It does NOT show up on the question page in My eBay. I clicked the "Respond Now" button in the email message and was directed to an eBay logon page (though I believe I was already logged on).

The item number being questioned about leads HERE. Not my auction. I had to do a search on eBay to find it, because the link to it from the email also did not work and led to a logon page.

The email looked legit enough, but I had a strong feeling he was not asking about one of my coins because both of the auctions I have running very clearly state that I will give free shipping on these particular items to North America, including Canada. And his question regarded shipping costs to Canada.

I have a bad feeling. Think I just got hooked? I should've known better than to use the logon provided in the email.

<< eBay Member jabberjock

<aw-confirm@ebay.com>
Reply-To : UseTheYellowButton@ebay.com
Sent : Friday, June 1, 2007 4:26 PM
To : rwshinnick@hotmail.com
Subject : Message from eBay Member Regarding Item #320116285683





Your registered name is included to show this message originated from eBay. Learn more.
Question about Item -- Respond Now

eBay sent this message on behalf of an eBay member through My Messages. Click the "Respond Now" button to answer the question.



Question from jabberjock
jabberjock( 12)
Positive feedback: 100%
Member since: Dec-21-05
Location: Canada
Registered on: www.ebay.ca


Item: 320116285683
This message was sent while the listing was active.
jabberjock is a potential buyer.



Hi ,

Can you please tell me how much is delivery to Canada ?

Thanks,

John
Respond to this question



Responses in My Messages will not include your email address.




Thank you,
eBay >>

Explore collections of lordmarcovan on CollecOnline, management, safe-keeping, sharing and valuation solution for art piece and collectibles.

Comments

  • goose3 Posts: 11,471 ✭✭✭
    you better go and change your login NOW.
  • Russ Posts: 48,514 ✭✭✭
    As long as you didn't enter your login information you're fine.

    Russ, NCNE
  • fc Posts: 12,793 ✭✭✭
    yup. change your passwd. go to paypal change that if it is the same.
    in other words, consider that password compromised and spend the
    next hour changing wherever you use it.

    contain the issue.
  • Russ Posts: 48,514 ✭✭✭
    BTW, if you want to know if it's a phish as soon as you open it, change your eBay eMail preferences to text only.

    Russ, NCNE
  • tmot99 Posts: 5,238 ✭✭✭
    I get those emails all the time. I just don't click on them. Did you enter your login info? If so, you got trouble.
  • cmerlo1 Posts: 7,960 ✭✭✭✭✭
    Got a similar one earlier today and forwarded it on to the spoof police...then got it again later this afternoon and sent it off again. As long as you didn't enter any info, they don't have anything except your email address...

    --Christian
    You Suck! Awarded 6/2008- 1901-O Micro O Morgan, 8/2008- 1878 VAM-123 Morgan, 9/2022 1888-O VAM-1B3 H8 Morgan | Senior Regional Representative- ANACS Coin Grading. Posted opinions on coins are my own, and are not an official ANACS opinion.
  • FullStrike Posts: 4,353 ✭✭✭
    Ah you're going to be a fighting fish?

    I think a real fishing scammer prefers getting a fighter once in a while - reeling in dead fish must get boring.
  • lordmarcovan Posts: 43,893 ✭✭✭✭✭

    << As long as you didn't enter your login information you're fine. >>

    That's the problem. In a moment of inattention, I did just that. Bit down on the hook.


    Goose3 and fc- thanks, I immediately changed my eBay password, and will proceed to do the same with PayPal, which was the same. Used the same password on both sites since I started eBay in 1999, believe it or not. I suppose it was time to change anyway.

    Russ- thanks. I will change email prefs to text only.

    I think there was a hook in that worm, folks, and I bit. I hope the damage can be contained quickly. I felt funny the minute I took the bait.

  • 7over8 Posts: 4,733 ✭✭✭
    change your pw immediately.

    never respond to ebay messages thru "email" delivery....always log on and respond on ebay....
  • storm888 Posts: 11,701 ✭✭✭
    This has been the #1 phish on EBAY for the past week.

    The dimwits at T&S seem not to understand the problem.
    Their responses to the spoof-reports on this phish make
    no sense at all.

    Today, I am officially retiring as a "free-cop" for EBAY.
    Nobody is going to burn/phish me, so EBAY can save
    everybody else without ANY help from me.

    Folks Who Bite Get Bitten. Folks Who Don't Bite Get Eaten.
  • Sounds like you took the right steps right away. I hope you don't get bit!
    Exclusively collecting Capped Bust Halves in VF to AU, especially rarity 3 and up.
    Joe G.
    Great BST purchases completed with commoncents123, p8nt, blu62vette and Stuart. Great coin swaps completed with rah1959, eyoung429 and Zug. Top-notch consignment experience with Russ.
  • storm888 Posts: 11,701 ✭✭✭
    "....always log on and respond on ebay.... "

    ////////////////////////////////////////////////

    That is where the newest phishing is being done:

    MY MESSAGES
    Folks Who Bite Get Bitten. Folks Who Don't Bite Get Eaten.
  • GrumpyEd Posts: 4,749 ✭✭✭
    You should also report it to ebay. It helps them go after the crooks.

    By now if you're paranoid about following links you can also click "security center" on the bottom of your ebay screen. Click the button for "spoof" emails.

    I had a similar phishing mail and reported it to paypal and was surprised that they replied in a few minutes and verified it was a scam and said "do not enter your info and if you did change your passwords NOW". Luckily I did not bite the hook yet.

    Report it here
    Ed
  • lordmarcovan Posts: 43,893 ✭✭✭✭✭
    Well this fishie took the bait, even though on some level I shoulda known better, after advising folks never to respond to PayPal emails.

    I automatically disregard email from PayPal but for some reason this eBay phish flew under my radar and caught me absentminded.

    Duh.

    Hopefully yours truly is a fish who realized his mistake quickly and wriggled off the hook just in time, before he got pulled onto the boat and gutted.


  • Russ Posts: 48,514 ✭✭✭

    << That is where the newest phishing is being done:

    MY MESSAGES >>



    Not this particular one. If it were, I'd get it in text. It comes in html. It's also not possible to embed a bogus login link using the messages feature through eBay that codes in the clickable buttons.

    Russ, NCNE
  • fc Posts: 12,793 ✭✭✭
    heck guys. i still use university of washington's mail client called
    pine. you can send me all the html you want and it still shows like
    plain text ;-). i am too lazy to install lynx.

    keep an eye out for any activity on the account(s) and be sure
    to know who to contact if you see something suspicious in the
    next hours to day.
  • Russ Posts: 48,514 ✭✭✭
    If you check the expanded headers you'll see that these do not originate through eBay. Here's one I got a few minutes ago:

    Received: from apollo.hyperroll.com (apollo.hyperroll.com [212.143.92.234])
    by mx00.csee.onr.siteprotect.com (Postfix) with ESMTP id D6E88DD8056
    for <russ@compucheap.com>; Fri, 1 Jun 2007 19:33:17 -0500 (CDT)
    Received: from apollo.hyperroll.com (localhost.localdomain [127.0.0.1])
    by apollo.hyperroll.com (8.12.8/8.12.8) with ESMTP id l520bUel025494
    for <russ@compucheap.com>; Sat, 2 Jun 2007 03:37:30 +0300
    Received: (from root@localhost)
    by apollo.hyperroll.com (8.12.8/8.12.8/Submit) id l520bUaT025492;
    Sat, 2 Jun 2007 03:37:30 +0300
    Date: Sat, 2 Jun 2007 03:37:30 +0300
    Message-Id: <200706020037.l520bUaT025492@apollo.hyperroll.com>
    To: russ@compucheap.com
    Subject: Message from eBay Member regarding Item #130118081302
    From: eBay Member paradisemint <member@ebay.com>

    Russ, NCNE
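
The header check described in the post above, as an added example that is not part of any forum post: it walks the `Received` chain of the quoted headers (re-folded here, with `Date` and `To` omitted) and compares every relay host and the `Message-Id` domain with the domain the `From` line claims. The function names `in_domain` and `analyze` are this example's own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers quoted in the post above, re-folded so continuation lines are indented.
RAW = """\
Received: from apollo.hyperroll.com (apollo.hyperroll.com [212.143.92.234])
\tby mx00.csee.onr.siteprotect.com (Postfix) with ESMTP id D6E88DD8056
\tfor <russ@compucheap.com>; Fri, 1 Jun 2007 19:33:17 -0500 (CDT)
Received: from apollo.hyperroll.com (localhost.localdomain [127.0.0.1])
\tby apollo.hyperroll.com (8.12.8/8.12.8) with ESMTP id l520bUel025494
\tfor <russ@compucheap.com>; Sat, 2 Jun 2007 03:37:30 +0300
Received: (from root@localhost)
\tby apollo.hyperroll.com (8.12.8/8.12.8/Submit) id l520bUaT025492;
\tSat, 2 Jun 2007 03:37:30 +0300
Message-Id: <200706020037.l520bUaT025492@apollo.hyperroll.com>
Subject: Message from eBay Member regarding Item #130118081302
From: eBay Member paradisemint <member@ebay.com>

"""

def in_domain(host, domain):
    # True when host is the domain itself or one of its subdomains.
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = []
    for value in msg.get_all("Received", []):       # newest hop first
        flat = " ".join(value.split())              # undo header folding
        frm = re.match(r"from (\S+)", flat)
        by = re.search(r"\bby (\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        hops.append({"from": frm and frm.group(1),
                     "by": by and by.group(1),
                     "ip": ip and ip.group(1)})
    msgid_domain = msg.get("Message-Id", "").strip("<> ").rpartition("@")[2].lower()
    # No hop naming the From domain is a strong signal. A match in a lower hop
    # would not be proof: only the top line is written by the recipient's server.
    touches = any(in_domain(h["from"], from_domain) or in_domain(h["by"], from_domain)
                  for h in hops)
    return {"from_domain": from_domain, "hops": hops,
            "message_id_domain": msgid_domain, "touches_from_domain": touches}

if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(key, "=", value)
```
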
  • ttown Posts: 4,472 ✭✭✭
    I got the same question but don't sell on Ebay. I'd change my password quick.
  • lordmarcovan Posts: 43,893 ✭✭✭✭✭
    I think for the next one of these I get, I will use the link provided in the email again, but attempt to use their phony logon with the password "kissmyarseanddieyouwannabescum".

  • LOL. But if you still have the phishing message, forward it to www.spoof@ebay.com


  • storm888 Posts: 11,701 ✭✭✭
    "It's also not possible to embed a bogus login link using the messages
    feature through eBay that codes in the clickable buttons."

    ///////////////////////////////////////////////////////////////////

    The ones that I have been getting in My Messages this week,
    have this feature:

    When I click the respond button, I am taken straight to the
    fake EBAY sign-in screen.
    Folks Who Bite Get Bitten. Folks Who Don't Bite Get Eaten.
  • BlackBeard Posts: 1,064
    One quick and easy way to tell is where it says:

    >>Your registered name is included to show this message originated from eBay. Learn more. <<<<<
    They include this to look official, but they never have had my real name up above, they use your or their ebay handle in hopes you won't notice.


    They know your email address but not your real name. I wouldn't call this foolproof, but it quickly eliminates the vast majority of them. The line below should be at the top of the body of the email.

    "eBay sent this message to ((Your real name here)) (Your ebay handle here)"


    I use Eudora Email and when I mouse over the links it will pop up a text box that warns that the destination doesn't match the address of the link. I love that feature. It either comes from Eudora or Norton, but I believe it is the email software.


    I hope they didn't get to your account. Time for a new password.
    Witty sig line currently under construction. Thank you for your patience.
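
The link check described in the post above (a warning when a link's destination does not match the address it displays), as an added example that is not part of any forum post and not Eudora's code. The sample HTML is constructed for illustration with placeholder hosts, and the names `AnchorCollector`, `host_of` and `audit` are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the message in this thread; hosts are placeholders.
SAMPLE_HTML = """
<a href="http://signin.ebay.com.login.example.net/signin">Respond Now</a>
<a href="http://203.0.113.7/item">http://cgi.ebay.com/320116285683</a>
<a href="http://pages.ebay.com/help/">Learn more</a>
"""

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def host_of(url):
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def audit(html, trusted="ebay.com"):
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        dest, reasons = host_of(href), []
        # Treat the visible text as an address only if it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        if not (dest == trusted or dest.endswith("." + trusted)):
            reasons.append("destination outside " + trusted)
        if shown and shown != dest:
            reasons.append("visible address differs from destination")
        if reasons:
            findings.append((text, dest, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML):
        print(finding)
```

The first sample link shows why the comparison is made on the end of the hostname: `signin.ebay.com.login.example.net` contains "ebay.com" but belongs to a different domain.
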
  • BlackBeard Posts: 1,064

    << "It's also not possible to embed a bogus login link using the messages
    feature through eBay that codes in the clickable buttons."

    ///////////////////////////////////////////////////////////////////

    The ones that I have been getting in My Messages this week,
    have this feature:

    When I click the respond button, I am taken straight to the
    fake EBAY sign-in screen. >>



    I would not click on any link in a suspicious email. Just going to a compromised website can infect your computer according to what I have read.
    Witty sig line currently under construction. Thank you for your patience.
  • I got the identical e-mail today. Changed all my passwords etc.

    Bruce
  • Judging from the headers and IP address that shows up, it has been re-routed through a Hotmail account. I have reported it to ebay as well.

    Bruce
  • ajia Posts: 5,403 ✭✭✭
    Been there, done that!

    Changed everything ASAP after I hit the sign in button.
  • Longacre Posts: 16,717 ✭✭✭
    Always took candy from strangers
    Didn't wanna get me no trade
    Never want to be like papa
    Working for the boss every night and day
    --"Happy", by the Rolling Stones (1972)
  • topstuf Posts: 14,803 ✭✭✭✭✭
    So we can be of more help, what did you change your password to?
  • lordmarcovan Posts: 43,893 ✭✭✭✭✭
    I changed it to "eye_yam_sofa_king_we_todd_did".

  • itsnotjustme Posts: 8,779 ✭✭✭
    A little social engineering going on in this one. Even if 00.99% don't fall, they are happy to catch the others.

    I assume you checked everything about your account that someone might have changed.... there were no BIN auctions that posted and ended in the 5 minutes they had your password, etc.
    Give Blood (Red Bags) & Platelets (Yellow Bags)!


  • <<
    I would not click on any link in a suspicious email. Just going to a compromised website can infect your computer according to what I have read. >>



    I second this suggestion. They are nicknamed drive-by trojans, because a malicious website may try known (and new, unknown) exploits in your web browser to attempt to silently install all kinds of bad software on your computer, such as software that records all your keystrokes and silently transmits them to a malicious hacker. So just "driving-by" a bad website can cause you grief.
  • lordmarcovan Posts: 43,893 ✭✭✭✭✭

    << A little social engineering going on in this one. Even if 00.99% don't fall, they are happy to catch the others.

    I assume you checked everything about your account that someone might have changed.... there were no BIN auctions that posted and ended in the 5 minutes they had your password, etc. >>

    I think I acted in time. Hopefully. (Crosses fingers)

    << I would not click on any link in a suspicious email. Just going to a compromised website can infect your computer according to what I have read. >>

    Common sense, and something I pretty much knew better on, but for a momentary lapse of judgement. I suppose a momentary slip is all the thieves need in this cyber age. As to an infected computer, maybe some Trojan horses and viruses would improve the operation of my home PC- it is already buggy as hell.

