Fake eBay Emails

  • Thread starter cronxeh
  • Start date

cronxeh

Gold Member
949
10
Today I've received an email that claims to be eBay. The idea is simple - they sent a gullible american an email and tell you in some formal-ish fashion that your account needs to be updated, and even provide you with the link! Ah what nice people, eh?

The catch is that is had nothing to do with eBay. I'm personally aware of at least a dozen people who actually bought into this for one reason or another - make sure you dont become a yet another victim.

Here is how it works. They send you an email with a fake header pretending to be from eBay. Yes it will have an email from aw-confirm@ebay.com. But that header is faked. You can use any number of fake email programs to generate those headers or you can do it manually if you telnet to smtp ( port 25 ) of any email server you are trying to reach. Particularly the way the spammers do this is simply mass email the suspected eBay customers and on average 2-3 % will actually buy into this and go to the provided link, enter their account username and password, and if the fake eBay page is really good they wont even notice how their username and password has been recorded on the fake server's logs and used to log into real eBay. Or in most cases they may even go on and tell you to enter new credit/debit card number (or bank account) so that they 'know you are verified' or something along those lines.

This is the fake Email Ive received about 20 minutes ago:

Alert ID : 0845913851

It has come to our attention that your eBay Billing Information
records are out of date. That requires you to update the Billing Information
If you could please take 5-10 minutes out of your online experience and update
your billing records, you will not run into any future problems with eBay's online service.
However, failure to update your records will result in account termination.
Please update your records in maximum 72 hours.

Once you have updated your account records, your eBay session will not be
interrupted and will continue as normal. Failure to update will result in
cancellation of service, Terms of Service (TOS) violations or future billing
problems.

Please click here to update your billing records.
Please Note - If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be cancelled. We apologize for this inconvenience, but the purpose of this verification is to ensure that your eBay account has not been fraudulently used.

We appreciate your support and understating, as we work together to keep eBay a safe place to trade.

Thank you for your patience in this matter.

Regards, Safeharbor Department (Trust and Safety Department)
eBay Inc.

Please do not reply to this e-mail as this is only a notification message.

Copyright 2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc. is located at Hamilton Avenue, San Jose, CA 95125


The link they've provided was http:// 211.105.222.71 /[and standard eBay login path]. Now this is not eBay's server IP, and eBay wont send you an email like that anyway.

Upon checking on that IP (211.105.222.71) it was registered for the following place:

211.104.0.0 - 211.119.255.255
KRNIC
Korea Network Information Center

Host Master
11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
Seoul, Korea, 137-857
+82-2-2186-4500
+82-2-2186-4496
hostmaster@nic.or.kr

Now I dont need to remind you why people in Korea are so grateful to the Americans and keep spamming them. Make sure you dont click on any email from eBay and instead simply go to www.ebay.com[/URL] go to My Messages and see if eBay had something to say to you. This email has been reported to eBay. However I wont send email to [email]hostmaster@nic.or.kr[/email] for two reasons: 1) I dont think it would matter and 2) he might be involved himself, and sending an email will only confirm my email address being valid in their spam lists. Dont make same mistakes.
 
Last edited by a moderator:

Evo

Mentor
22,867
2,343
Good information to pass along cronxeh.

I got the same spam a few weeks ago, funny because I don't have an e-bay account. :biggrin:
 

FredGarvin

Science Advisor
5,050
6
I've gotten the e-mails from e-bay as well as the same thing from different "banks" that I have never heard of, let alone have an account with.
 

brewnog

Science Advisor
Gold Member
2,701
7
Some of them can look really convincing. I've had a few which actually greeted me with my own ebay user name, and all the links looked like they were on the ebay.co.uk domain. As usual, they were asking me to update my account details.

Out of curiosity, I followed the links and entered some (fake) information (I made up a user name and password). Needless to say, it accepted it all, before asking me for my name, address, and credit card details. Urrrrm, no thanks!
 

cronxeh

Gold Member
949
10
I think the reason why it showed your information is because of the cookies and cache stored. You can make it automatically display for the username, but they wont see it if you dont enter it.

Also I will post a way to secure yourself from falling for another trap: a fake router that sniffs your traffic tunneled between you and any server. This is not a particularly new thing, but through the clever manipulation of meta headers you can hijack the traffic and redirect to a tunneled page which will record all your submitted information.

That is why you should NOT use Internet Explorer. Get Mozilla Firefox. The address bar will show green if its SSL-secured, and show red if its NOT a secure connection.
 
Last edited:

brewnog

Science Advisor
Gold Member
2,701
7
cronxeh said:
I think the reason why it showed your information is because of the cookies and cache stored. You can make it automatically display for the username, but they wont see it if you dont enter it.
Nope, they just took a guess. My ebay user name is the same as an email address I have, although not the one related to my account!
 

Janus

Staff Emeritus
Science Advisor
Insights Author
Gold Member
3,395
1,072
It's not just e-bay that these people will use. I've gotten emails that supposedly came from my ISP that followed the same pattern. If you recieve any email from source of this nature, assume that it is a fraud. You can directly contact the site the email claims to be from. Just forward them the e-mail and ask for confirmation.
 

Integral

Staff Emeritus
Science Advisor
Gold Member
7,185
55
forward all such emails to

spoof@ebay.com

ebay wants to know about these fraudlent emails this is the best way to help them deal with the problem.
 

BobG

Science Advisor
Homework Helper
110
80
The spelling and grammar have improved over their last scam, but it still looks like it was written by a foreigner using a XXXXXX to English dictionary (foreigners get pretty frustrated when they try to pull off scams involving zucchini - the American readers scratch their head and wonder "What the heck are courgettes?")

Scarier are the ones that come from an English speaking country. Fortunately, any originating from the US get shut down pretty quick.

It's always best to be suspicous of any links included in an E-mail, regardless of how well it's worded.
 

Math Is Hard

Staff Emeritus
Science Advisor
Gold Member
4,491
27
Don't get phished!

PayPal put together a nice little page on this topic:

Protect yourself from fraudulent emails


and here's their "10 ways to recognize fake (spoof) emails" advice

1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or button.
2. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
3. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a spoof website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
6. Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
Even if a URL contains the word "PayPal," it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com[/url], [url]www.paypa1.com[/url], [url]www.secure-paypal.com[/url], and [url]www.paypalnet.com[/URL].
Always log in to PayPal by opening a new web browser and typing in the following: [url]https://www.paypal.com/[/url]
Never log in to PayPal from a link in an email
7. [B]Misspellings and bad grammar. [/B] Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
8. [B]Unsafe sites.[/B] The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
9. [B]Pop-up boxes.[/B] PayPal will never use a pop-up box in an email as pop-ups are not secure.
10. [B]Attachments.[/B] Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.
 
Last edited by a moderator:

Moonbear

Staff Emeritus
Science Advisor
Gold Member
11,349
51
Integral said:
forward all such emails to

spoof@ebay.com

ebay wants to know about these fraudlent emails this is the best way to help them deal with the problem.
Thanks Integral. I've just been deleting them.

Oh, folks, there's a new one I just got yesterday that's pretty much the same message but uses Amazon instead of e-bay and I've seen them for PayPal before too. I only opened the Amazon one because I'm expecting an order at first just looked at the sender. The most obvious clues it was a fraud was the glaring typo in the subject line and in the greeting it read: "Dear AMAZON Customer" Yes, the sizing of "Amazon" was smaller than the rest of the greeting line, indicating to me there are more variations to come where different company names are inserted.

It was also funny to read, because it said things like, "If you don't take action, sometime in the future your account might be difficult to use." (That's a paraphrase.) It was just funny because it was so wishy washy. Any real company suspecting fraud on your account will freeze it immediately.
 

Astronuc

Staff Emeritus
Science Advisor
18,552
1,682
Paypal is part of Ebay now. So if you get a fraudulent email (phish) from Ebay or Paypal, sent to the email address provided by integral. Most banks have a similar email address for reporting phish.

I received the following from Ebay/Paypal after reporting several phish emails:

1. IDENTIFYING FAKE EMAILS AND WEB SITES
The best defense against fake emails and Web sites is learning how to
spot them. You can learn more about fake emails and Web sites through
our Spoof Tutorial at the following Web page:


http://pages.ebay.com/education/spooftutorial/


2. USING EBAY TOOLBAR WITH ACCOUNT GUARD
One of the best tools to protect yourself from fraudulent (spoof) Web
sites is eBay Toolbar with Account Guard. The Account Guard feature
indicates when you are on an eBay or PayPal Web site and warns you if
you are on a known spoof site. To learn more about eBay Toolbar with
Account Guard open a new browser and type www.ebay.com/ebay_toolbar[/URL] into the address bar.


3. PROTECTING YOUR ACCOUNT AND INTERNET SECURITY
We recommend that you keep your browser, operating system, and virus
protection software up to date. Check for updates at the "Windows
Update" link on [PLAIN]www.microsoft.com[/URL] and scan your computer for viruses
often.


If you think your personal information has been compromised in any way,
you should take immediate steps to change your eBay, PayPal, and email
passwords. You should also contact your bank to see if there has been
any suspicious activity on your account. You can find more information
about protecting your identity at the following help page:


[url]http://pages.ebay.com/help/confidence/problems-identity-theft.html[/url]
 
Last edited by a moderator:

Moonbear

Staff Emeritus
Science Advisor
Gold Member
11,349
51
And if someone here has fallen for one of these and thinks their personal information has wound up in the wrong hands, you can file a "Preliminary Fraud Alert" with the major credit reporting agencies (for those in the U.S.). This will last 90 days. If you need to extend that, you can have one put on for 7 years. The longer term one requires you have a police report filed as proof of fraudulent activity, the 90 day alert does not.

If you report to one credit reporting agency, they will contact the other two on your behalf, so you only need to do this once. You should also check your credit report regularly. It can take a month or two for fraudulent activity to show up on it. You're entitled to one free credit report from each agency per year, so you can get three free in a year if you go to each of the agencies.

The three credit agencies' websites are:
www.equifax.com
www.experian.com
www.transunion.com

There's more information on each of those plus phone numbers. If your information gets into the wrong hands, beware of any further companies contacting you by email to "protect" your credit. They prey on the victims trying to charge you to do what you can do for free yourself.
 

Related Threads for: Fake eBay Emails

  • Posted
Replies
3
Views
1K
  • Posted
Replies
17
Views
2K
  • Posted
Replies
15
Views
2K
  • Posted
Replies
18
Views
3K
  • Posted
Replies
18
Views
2K
  • Posted
Replies
14
Views
3K
  • Posted
Replies
5
Views
3K
Replies
3
Views
3K

Physics Forums Values

We Value Quality
• Topics based on mainstream science
• Proper English grammar and spelling
We Value Civility
• Positive and compassionate attitudes
• Patience while debating
We Value Productivity
• Disciplined to remain on-topic
• Recognition of own weaknesses
• Solo and co-op problem solving

Hot Threads

Top