Options
Almost Hijacked....
NewParadigm
Posts: 1,322
I reveived a rather disturbing message from a "supposed" ebay buyer. In short, he claim that he paid for an item that I sold him and I was ignoring his emails. Further, if I don't respond promptly, he was going to call the police. Suspicious, I look up the buyers ID and see that I have no record of him buying anything from me. So, I click to respond and it asked me to log in. At this point, it looks 100% legit, except I noticed the URL was not that of ebay; it was a strange address with a foreign suffix.
I believe this is how they hijack you account. You log in, enter your password and user name, then it brings you the legit ebay home page. At this point, they have just seized your information. Here is what the email looks like.
I like the reply-to on the top: us the yellow button
I believe this is how they hijack you account. You log in, enter your password and user name, then it brings you the legit ebay home page. At this point, they have just seized your information. Here is what the email looks like.
I like the reply-to on the top: us the yellow button
0
Comments
<< <i>I reveived a rather disturbing message from a "supposed" ebay buyer. In short, he claim that he paid for an item that I sold him and I was ignoring his emails. Further, if I don't respond promptly, he was going to call the police. Suspicious, I look up the buyers ID and see that I have no record of him buying anything from me. So, I click to respond and it asked me to log in. At this point, it looks 100% legit, except I noticed the URL was not that of ebay; it was a strange address with a foreign suffix.
I believe this is how they hijack you account. You log in, enter your password and user name, then it brings you the legit ebay home page. At this point, they have just seized your information. Here is what the email looks like.
I like the reply-to on the top: us the yellow button >>
Can you PM me the URL? I work for a computer security company and we frequently work with various government agencies to get phishing attacks like this taken down. I'd recommend that you right click on the link in your email client and copy it rather than open it again.
Thanks!
Computer users should never log into any type of personal account from an email link.
"A car is a tool that takes you from one place to another. Everything beyond that is a payment for other people's perception of you."
Please visit my website Millcitynumismatics.com
i always look at email address sent from with incoming emails
<< <i>email was from from...@ebey.us...
i always look at email address sent from with incoming emails >>
Don't ever let a "good" email address lull you into a false sense of security.
It's trivial to forge them, but most spam filters should catch it -- but still, don't depend on the email address.
The best advice here was to always go to the site from your browser and never from a link in an email. Even if it's legit, just don't ever do it to break the habit.
I was about to enter my information, when I noticed something weird. The address on the top of the page just looked "off." It WAS Paypal.com, but when I moved the window, the address bar tried to follow my motion! It was literally an image of the real address sitting on TOP of the actual address window. I had never seen that done before, and it almost tricked me! It was interesting to move my browser window around and watch the fake address bar trying to keep up! Lol
-Paul
<< <i>"I will reclaim you to ebay" should have been the first red flag.
Computer users should never log into any type of personal account from an email link. >>
I will reclaim you - that made me laugh as well.
Like saying: I've been in this country a short distance.
I never respond to any emails that make me link to any website.
In this case, I can just as easily go on line to my own eBay account
without some scammer's help.
Glad you caught this. Did you report it to eBay ?
~~~~~~~~~~~~
Coin collecting is not a hobby, it's an obsession !
New Barber Purchases
<< <i>
<< <i>email was from from...@ebey.us...
i always look at email address sent from with incoming emails >>
Don't ever let a "good" email address lull you into a false sense of security.
It's trivial to forge them, but most spam filters should catch it -- but still, don't depend on the email address.
The best advice here was to always go to the site from your browser and never from a link in an email. Even if it's legit, just don't ever do it to break the habit. >>
this case...it didn't pass 1st hurdle in email address...ebey is obvious
<< <i>"I will reclaim you to ebay" should have been the first red flag.
Computer users should never log into any type of personal account from an email link. >>
Agree.
If I receive something from someone I've not done business with, and I DO know who they are since I get notified when something sells, I report it to spoof@ebay.com
I even report all emails from PayPal to spoof@paypal.com just to be sure they are valid.
The name is LEE!
spoof@ebay.com
<< <i>The ebay representative advised me to forward all suspicious emails to:
spoof@ebay.com >>
Where I am sure that they will delete it without reading it.
If you sell on ebay, get used to it. This is a daily event for me.
Never follow a link in any 'ebay' e-mail. Delete them all without opening, and use ebay's message system.
merse
<< <i>Obviously from someone with no grasp of the English language. >>
How is life in the glass house?
Message edited to add the winky.
See http://www.doubledimes.com for a free online reference for US twenty-cent pieces
That's the first clue. email is a trash can. Why open up the garbage can to do business regarding eBay ? Go to the message center in eBay and leave the trash alone.
``https://ebay.us/m/KxolR5
AL
<< <i>The ebay representative advised me to forward all suspicious emails to: spoof@ebay.com >>
I used to do that. I haven't bothered for a few years. I get 3 or 4 of that phish per week. Having sold thousands of low cost presidential dollars and other moderns on ebay my email address is in a lot of buyers email list so I get a lot of this. As an aside, I also get porn spam frequently from ebay customers who have downloaded a virus and now the virus is sending out spam in their name.
--Jerry
<< <i>
<< <i>The ebay representative advised me to forward all suspicious emails to:
spoof@ebay.com >>
Where I am sure that they will delete it without reading it. >>
Each of these is read and responded to. At least that has been my experience with each report I submit and I'm really a nobody.
The name is LEE!
<< <i>The ebay representative advised me to forward all suspicious emails to:
spoof@ebay.com >>
i do it everytime i get something funny off of ebay
``https://ebay.us/m/KxolR5
<< <i>email was from from...@ebey.us...
i always look at email address sent from with incoming emails >>
That's the first thing that stood out to me too. As a general rule, I never answer these things directly from my email. I close the browser, start a new browser window, and go directly to the eBay site. Any messages can be accessed from the "My Messages" section. There is never a reason to be fooled into a scam like this.
<< <i>The scariest one I've ever received was a Paypal one I got maybe 5 years ago. When you clicked the link to sign in, it brought you to a very real-looking Paypal home page.
I was about to enter my information, when I noticed something weird. The address on the top of the page just looked "off." It WAS Paypal.com, but when I moved the window, the address bar tried to follow my motion! It was literally an image of the real address sitting on TOP of the actual address window. I had never seen that done before, and it almost tricked me! It was interesting to move my browser window around and watch the fake address bar trying to keep up! Lol
-Paul >>
Now that's scary. I have never heard of something like this, and I didn't even know this was technically possible.
Authorized dealer for PCGS, PCGS Currency, NGC, NCS, PMG, CAC. Member of the PNG, ANA. Member dealer of CoinPlex and CCE/FACTS as "CH5"