Author Topic: Warning: eBay scam  (Read 3362 times)

zurielshimon

  • You never thought it'd hurt so bad
  • *****
  • Posts: 2690
    • AOL Instant Messenger - weetbixkid36
    • View Profile
    • http://www.myspace.com/193866568
Warning: eBay scam
« on: January 30, 2005, 11:49:15 pm »
I'm not one to usually post stuff like this, but I'm concerned for some of you who might slip up once not paying attention.  There is a scam coming through email aimed at stealing eBay account information.  Here is a message I received yesterday:

Quote
From :    eBay <service@ebay.com>
Reply-To :    service@ebay.com
Sent :    Sunday, January 30, 2005 2:39 AM
To :    (Address Omitted for Privacy)
Subject :    Account updates
   
   
Go to previous message   |   Go to next message   |   Delete   |   Inbox
message sent from nemer.info
From collectibles to cars, buy and sell all kinds of items on eBay
   
Dear eBay member,    
   

   We at eBay are sorry to inform you that we are having problems with
the billing information of your account. We would appreciate it if you
would visit our eBay Billing Center and fill out the proper
information that we are needing to keep you as an eBay member. If you don't comply until the 30st January 2005, your eBay membership may be suspended, or even deleted.

Click here to complete our web form.
   
   
   As outlined in our User Agreement, eBay will periodically send you
information about site changes and enhancements. Visit our Privacy
Policy and User Agreement if you have any questions.
   
Thank you!


Copyright © 1995-2004 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.


This message has all the genuine eBay logos, and the link at "Click here to complete our web form." takes me to here:

http://www.190.sy/helpdesk_en/setup/

a page on a Syrian website which looks remarkably like the real eBay sign-in page:

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US

enough that you might not notice and enter your real user ID and password and unknowingly sign it all away to these people.

I was first suspicious because eBay doesn't need my billing information anyway since I'm not an eBay seller, and second I noticed their English was not very good:  "If you don't comply until the 30st January 2005..."  So I decided to check it out, and sure enough, it's a scam.

Here's how you can tell a fake:

1. First of all, eBay sent you a message when you first signed up that said they will not send you a message like this one asking for this information.
2. Make sure you are at an ebay.com address before entering any eBay-related information.
3. Before entering any passwords or personal information anywhere, eBay included, make sure the site is secure.  There will be a lock icon at the bottom right of your screen, and, in most browers, your address bar will turn peach.  Also look for the address to begin with "https://".
Dustin

Grakthis

  • VCUBs
  • Keepin' secrets at midnight
  • *
  • Posts: 3983
  • Lord Andrew
    • AOL Instant Messenger - Grakthis
    • View Profile
    • http://www.grakthis.com
Warning: eBay scam
« Reply #1 on: January 31, 2005, 07:15:18 am »
Wow.  This needed to be a thread on here.  :roll:  :roll:  :roll:
If you are reading this, you are probably on my ignore list.  Click here to return the favor

Wagella Wrote:Yay for Bigotry!!

---Andrew

zurielshimon

  • You never thought it'd hurt so bad
  • *****
  • Posts: 2690
    • AOL Instant Messenger - weetbixkid36
    • View Profile
    • http://www.myspace.com/193866568
Warning: eBay scam
« Reply #2 on: January 31, 2005, 07:38:20 am »
I've just been alerted that if you are using MSIE, the fake eBay sign-in page projects a false address over the address bar in the MSIE window to make you think you are on the secure https://signin.ebay.com/ site!

To see this, open up http://www.190.sy/helpdesk_en/setup/ in MSIE 5.5 or 6.0 and either move the IE window around on the screen or switch to another task, and you'll notice the fake address sticks on the screen where the address bar is on the IE window.
Dustin

zurielshimon

  • You never thought it'd hurt so bad
  • *****
  • Posts: 2690
    • AOL Instant Messenger - weetbixkid36
    • View Profile
    • http://www.myspace.com/193866568
Warning: eBay scam
« Reply #3 on: January 31, 2005, 07:39:53 am »
Quote from: "Grakthis"
Wow.  This needed to be a thread on here.  :roll:  :roll:  :roll:
I understand, and like I said, I don't usually post this stuff, but this was exceptionally clever on the part of the site authors.
Dustin

rroo

  • Just a day, just an ordinary day
  • ****
  • Posts: 278
    • View Profile
    • http://www.vanessacarlton.info
Warning: eBay scam
« Reply #4 on: January 31, 2005, 11:47:38 am »
If you're suspicious, also click on the lock icon. Hacked computers can be redirected to sites like http://www.190.sy/helpdesk_en/setup/ when https://signin.ebay.com/ is entered in the address bar. So even though the page and address look safe, your still on the wrong site. By clicking the lock you can check if you're really on the site you intended to visit.

rogier

Grakthis

  • VCUBs
  • Keepin' secrets at midnight
  • *
  • Posts: 3983
  • Lord Andrew
    • AOL Instant Messenger - Grakthis
    • View Profile
    • http://www.grakthis.com
Warning: eBay scam
« Reply #5 on: January 31, 2005, 12:02:52 pm »
Quote from: "zurielshimon"
I've just been alerted that if you are using MSIE, the fake eBay sign-in page projects a false address over the address bar in the MSIE window to make you think you are on the secure https://signin.ebay.com/ site!

To see this, open up http://www.190.sy/helpdesk_en/setup/ in MSIE 5.5 or 6.0 and either move the IE window around on the screen or switch to another task, and you'll notice the fake address sticks on the screen where the address bar is on the IE window.


It's a clever attempt... but it doesn't lineup on my screen.  Typically you cannot hover HTML objects outside of the HTML window.
If you are reading this, you are probably on my ignore list.  Click here to return the favor

Wagella Wrote:Yay for Bigotry!!

---Andrew

Trolan

  • Administrator
  • Make me high on lullabies
  • *****
  • Posts: 219
    • View Profile
    • http://www.trolans.net/
Warning: eBay scam
« Reply #6 on: January 31, 2005, 02:44:40 pm »
Another reason to use Firefox, or some other browser besides MSIE.  Most of these scams use known problems in MSIE, and as IE doesn't jump up and down about obvious mismatches like that, it's easy to fake it.  Firefox  on the other hand, shows the site the SSL cert is for, right on the browser, right by the lock, as well as yellowing the address bar.  Now, once market shares go up, I'd expect more scammers to try and make their work cross-browser, but for now it's a much safer option.

Steveau

  • VCUBs
  • Fine as dandelions
  • *
  • Posts: 1517
  • OLD man whistling
    • AOL Instant Messenger - Steveau98
    • View Profile
Warning: eBay scam
« Reply #7 on: January 31, 2005, 05:39:05 pm »
I've gotten those e-mails and just forward them as spoofs to eBay. I report all e-mails that ask me to confirm identity or personal information because no company would do that. I've gotten some from PayPal and banking institutions that are obviously spoofs too. It's so common I've already tuned them out.