PDA

View Full Version : OT: eBay Fraud...EXTREME WARNING !!!!!



indygeezer
04-09-2005, 08:24 AM
I just got an email from eBay Security Services saying that my online bill paying info was out of date and if I didn't update it within 72 hrs. they would terminate my account. I wasn't comfortable with some of the questions ie
they want all of my banking info, routeing numbers account numbers, et. they wanted my SS #, my credit card numbers and security codes, they wanted my date of birth on and on. The screen looked legit and even sent me to my eBay history when I asked it to. But I still wasn't comfortable with it so I contacted eBay Live Help. The guy there said it sounds phoney to him...they don't direct questions or fill-in boxes, they give instructions on how to go where and fill-in any needed info. He also said the 72 hrs. threat was a dead give-away as they don't threaten their coustomers with account termination.
He had me forward the messge on to spoof@ebay.com for them to follow-up. I'll let ya know what I find out...in the meantime be warned and be cautious.

THis is the message...copied and pasted: (Note...it had the ebay logo and links across the top looking very legit)
++++++++++++++++++++++++++++++ ++++++++



Thank you for using eBay !



Dear valued eBay member,

It has come to our attention that your eBay Billing Information
records are out of date. That requires you to update the Billing Information
If you could please take 5-10 minutes out of your online experience and update
your billing records, you will not run into any future problems with eBay's online service.
However, failure to update your records will result in account termination.
Please update your records in maximum 72 hours.

Once you have updated your account records, your eBay session will not be
interrupted and will continue as normal. Failure to update will result in
cancellation of service, Terms of Service (TOS) violations or future billing
problems.

Please click here to update your billing records.

Thank you for your time!
Marry Kimmel,
eBay Billing Department team.

indygeezer
04-09-2005, 08:34 AM
Well...in record time I got a response from eBay, here is their response.
++++++++++++++++++++++++++++++++++++++++++++++++++ +++

Hello,

Thank you for writing to eBay regarding the email you received.

Emails such as this, commonly referred to as "spoof" or "phished"
messages, are sent in an attempt to collect sensitive personal or
financial information from the recipients.

The email you reported was not sent by eBay. We have reported this email
to the appropriate authorities.

In the future, be very cautious of any email that asks you to submit
information such as your credit card number or your email password. If
you are ever concerned about an email you receive from eBay, open a new
Web browser, type www.ebay.com into your browser address field, and
click on the "site map" link located at the top the page to access the
eBay page you need.

If you have any doubt about whether an email message is from eBay,
please forward it immediately to spoof@ebay.com. Do not respond to it or
click any of the links. Do not remove the original subject line or
change the email in any way when you forward it to us.

If you have already entered sensitive financial information or your
password into a Web site based on a request from a spoofed email, you
should take immediate action to protect your identity and all of your
online accounts. We have developed an eBay Help page with valuable
information regarding the steps you should take to protect yourself.

http://pages.ebay.com/help/tp/isgw-account-theft-reporting.html

To review eBay's new tutorial about Spoof Emails, please see the
following Web page:

http://pages.ebay.com/education/spooftutorial/

To help you better protect yourself from fake eBay and PayPal Web sites,
we have developed a feature for the eBay Toolbar called "Account Guard."
Account Guard includes an indicator of when you are on an eBay or PayPal
Web site or a known spoof (or "phishing") site, buttons to report fake
eBay Web sites, and a password notification feature that warns you when
you may be entering your eBay password on an unverified site.

To learn more about the eBay Toolbar with Account Guard go to
www.ebay.com, click on "Downloads" at the bottom of the page, and then
click on the "eBay Toolbar" link.

Once again, thank you for alerting us to the spoof email you received.
Your efforts help keep eBay a safe and fair place to trade.

Regards,

Ande
eBay SafeHarbor
Investigations Team
______________________________
eBay
The World's Online Marketplace! ®
*******************************************

Important: eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account numbers, Social
Security numbers, etc.) in an email. Learn more account protection tips
at:

http://pages.ebay.com/help/confidence/isgw-account-theft-protection.html

DisplacedKnick
04-09-2005, 09:19 AM
That's going on with a ton of accounts. I've had e-mails from PayPal (used them exactly once in my life for our fantasy league), Bank of America (who I do no banking with - unless they handle some investment or something) Citibank (got a credit card from them), a bank who I had an auto loan with several years ago, etc.

There's no company on the planet that would ask for additional account information over anything but their secure website, or by US Mail.

My guess is that the Worm that was going around last fall managed to invade a bunch of company sites and draw information from them. I know with Purdue we had to change all of our account info within 24 hours after it hit the system or their security service did it for us.

BigMac
04-09-2005, 09:22 AM
Thanks.

I get these about once a month from places trying to say they are either PayPal or Ebay. What is good is that usually right after I send it to the spoof addresses, the web addresses are shut down. Ebay and PayPal (one in the same now) are really good about reacting to those attempts and getting the web addresses shut down that they link to. I used to click on the link and put in username go**uckyourself and put as a password eatsh**anddie. But I don't bother any more.

indygeezer
04-09-2005, 09:31 AM
That's funny BigMAc. Funny, as much as I'm on the net etc. This was my first "spoof" message.

Sorry to bother y'all with it...I just hadn;t seen it before.....but I guess I'm not a virgin anymore.

BigMac
04-09-2005, 09:43 AM
Anytime you can possibly educate someone, it's not a bother or waste of time. The good thing is that you recognized that something was wrong and did something about it. I wonder how many people have actually fallen for that and lost money?

I bet the numbers would be staggering.

DisplacedKnick
04-09-2005, 10:41 AM
That's funny BigMAc. Funny, as much as I'm on the net etc. This was my first "spoof" message.

Sorry to bother y'all with it...I just hadn;t seen it before.....but I guess I'm not a virgin anymore.

Don't be sorry. It was a good post.

Bball
04-09-2005, 10:58 AM
I get several of these PER day. Some from (supposedly) eBay... Paypal... Regions Bank... eGold... Chase.... Bank of America... on and on.

Most of them get caught in the blacklist/delete filter of Mailwasher but not all.

I get a few hundred emails per day :(

-Bball

PacerMan
04-09-2005, 11:04 AM
I just got an email from eBay Security Services saying that my online bill paying info was out of date and if I didn't update it within 72 hrs. they would terminate my account. I wasn't comfortable with some of the questions ie
they want all of my banking info, routeing numbers account numbers, et. they wanted my SS #, my credit card numbers and security codes, they wanted my date of birth on and on. The screen looked legit and even sent me to my eBay history when I asked it to. But I still wasn't comfortable with it so I contacted eBay Live Help. The guy there said it sounds phoney to him...they don't direct questions or fill-in boxes, they give instructions on how to go where and fill-in any needed info. He also said the 72 hrs. threat was a dead give-away as they don't threaten their coustomers with account termination.
He had me forward the messge on to spoof@ebay.com for them to follow-up. I'll let ya know what I find out...in the meantime be warned and be cautious.

THis is the message...copied and pasted: (Note...it had the ebay logo and links across the top looking very legit)
++++++++++++++++++++++++++++++ ++++++++



Thank you for using eBay !



Dear valued eBay member,

It has come to our attention that your eBay Billing Information
records are out of date. That requires you to update the Billing Information
If you could please take 5-10 minutes out of your online experience and update
your billing records, you will not run into any future problems with eBay's online service.
However, failure to update your records will result in account termination.
Please update your records in maximum 72 hours.

Once you have updated your account records, your eBay session will not be
interrupted and will continue as normal. Failure to update will result in
cancellation of service, Terms of Service (TOS) violations or future billing
problems.

Please click here to update your billing records.

Thank you for your time!
Marry Kimmel,
eBay Billing Department team.


New to Ebay? That's been going on for YEARS.
The NEW scam (that Ebay will continue to ignore) has the non winning bidders getting a "2nd chance" email. ie: "the winning bidder has failed to follow through, you have the chance to buy the item at your last bid price, etc etc"
This goes to EVERYONE that bid on an item and has scammed thousands out of millions of dollars.
Yet ebay will continue to ignore it.
A WHOLE bunch of people are blantently stealing with no reprecussions whatsoever. Paypal is just as guilty.
But you can spare your complaints, they couldn't care less.

PacerMan
04-09-2005, 11:06 AM
I get several of these PER day. Some from (supposedly) eBay... Paypal... Regions Bank... eGold... Chase.... Bank of America... on and on.

Most of them get caught in the blacklist/delete filter of Mailwasher but not all.

I get a few hundred emails per day :(

-Bball

Open a Yahoo or Hotmail account and only use it for personal correspondence. THen you won't get the address added to all the spam mail.

Bball
04-09-2005, 11:23 AM
New to Ebay? That's been going on for YEARS.
The NEW scam (that Ebay will continue to ignore) has the non winning bidders getting a "2nd chance" email. ie: "the winning bidder has failed to follow through, you have the chance to buy the item at your last bid price, etc etc"
This goes to EVERYONE that bid on an item and has scammed thousands out of millions of dollars.
Yet ebay will continue to ignore it.
A WHOLE bunch of people are blantently stealing with no reprecussions whatsoever. Paypal is just as guilty.
But you can spare your complaints, they couldn't care less.

That is (or was, haven't checked recently to see if that option still exists) a legitimate practice. I hadn't thought about anyone taking advantage of it like that and using it for scamming purposes. A few years ago eBay implemented an option for sellers who have multiple items to offer the losing bidder(s) the items at their final bid price if the seller wanted. It sounds like someone has spoiled that.

As for Paypal... Paypal IS eBay now.

I used to sell quite a bit on eBay but eBay kept subdividing the categories down until it reached the point they hurt my sales (no way to list these in all the relevant categories without costing too much to make it worth it.. and listing in just a few categories didn't get all the views I needed to maintain the sales pace). They also got pretty silly with the rules about keyword spamming. It's tought to sell an accessory item when naming what it works with (in the description) is (arguably) a violation of their 'keyword spamming' policy.

-Bball

indygeezer
04-09-2005, 01:42 PM
I've never used PayPal. always paid my Postal Money Order. Sothat made me wonder from the get-fo. ALthough I do use Credit Card with Amazon which now slls thru eBay soy I thought perhaps that is where it originated.

So yer telling me I shouldn't try to sell my archery equipment or my tube type Fender Bandmaster guitar amp thru auction, is that it?

indytoad
04-09-2005, 10:00 PM
Here, just get it all taken care of in one fell swoop (http://www.cockeyed.com/citizen/accounts/update.html).

IndyToad
How much is inside me?

TheSauceMaster
04-09-2005, 10:38 PM
This is why you should use Spoofstick , it will actually tell you what url you are being redirect to or if it takes you to a legit site. I have had this forever since using Firefox , but I see they also now have a version for IE.

http://www.corestreet.com/spoofstick/index.html

What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as “phishing".

SpoofStick makes it easier to spot a spoofed website by prominently displaying only the most relevant domain information.

DisplacedKnick
04-10-2005, 08:41 AM
I've never used PayPal. always paid my Postal Money Order. Sothat made me wonder from the get-fo. ALthough I do use Credit Card with Amazon which now slls thru eBay soy I thought perhaps that is where it originated.

So yer telling me I shouldn't try to sell my archery equipment or my tube type Fender Bandmaster guitar amp thru auction, is that it?

I've wondered if one of the credit bureaus - the companies that do the ratings - got hit. I haven't gotten an e-bay one but I did use Paypal one time - does that go into a credit report?

Though I guess if they got into your card statements they'd have that.

Bball
04-10-2005, 11:58 AM
I've wondered if one of the credit bureaus - the companies that do the ratings - got hit. I haven't gotten an e-bay one but I did use Paypal one time - does that go into a credit report?

Though I guess if they got into your card statements they'd have that.

I don't think they call it 'phishing' for nothing. I imagine there's no connection to the spoofed emails you get and your name at the entities they claim to be from. They figure of the millions upon millions of these things they sent out they're likely to hit paydirt with at least a few going to people who have accounts at these places.

We also can't forget the idiot factor of people not even realizing they don't have an account or do business with the supposed entity and still they give up SS# or CC info.

-Bball