Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Fake eBay Emails

  1. Jun 16, 2005 #1


    User Avatar
    Gold Member

    Today I've received an email that claims to be eBay. The idea is simple - they sent a gullible american an email and tell you in some formal-ish fashion that your account needs to be updated, and even provide you with the link! Ah what nice people, eh?

    The catch is that is had nothing to do with eBay. I'm personally aware of at least a dozen people who actually bought into this for one reason or another - make sure you dont become a yet another victim.

    Here is how it works. They send you an email with a fake header pretending to be from eBay. Yes it will have an email from aw-confirm@ebay.com. But that header is faked. You can use any number of fake email programs to generate those headers or you can do it manually if you telnet to smtp ( port 25 ) of any email server you are trying to reach. Particularly the way the spammers do this is simply mass email the suspected eBay customers and on average 2-3 % will actually buy into this and go to the provided link, enter their account username and password, and if the fake eBay page is really good they wont even notice how their username and password has been recorded on the fake server's logs and used to log into real eBay. Or in most cases they may even go on and tell you to enter new credit/debit card number (or bank account) so that they 'know you are verified' or something along those lines.

    This is the fake Email Ive received about 20 minutes ago:

    The link they've provided was http:// /[and standard eBay login path]. Now this is not eBay's server IP, and eBay wont send you an email like that anyway.

    Upon checking on that IP ( it was registered for the following place: -
    Korea Network Information Center

    Host Master
    11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
    Seoul, Korea, 137-857

    Now I dont need to remind you why people in Korea are so grateful to the Americans and keep spamming them. Make sure you dont click on any email from eBay and instead simply go to www.ebay.com[/URL] go to My Messages and see if eBay had something to say to you. This email has been reported to eBay. However I wont send email to [email]hostmaster@nic.or.kr[/email] for two reasons: 1) I dont think it would matter and 2) he might be involved himself, and sending an email will only confirm my email address being valid in their spam lists. Dont make same mistakes.
    Last edited by a moderator: Apr 21, 2017
  2. jcsd
  3. Jun 16, 2005 #2


    User Avatar

    Staff: Mentor

    Good information to pass along cronxeh.

    I got the same spam a few weeks ago, funny because I don't have an e-bay account. :biggrin:
  4. Jun 16, 2005 #3


    User Avatar
    Science Advisor

    I've gotten the e-mails from e-bay as well as the same thing from different "banks" that I have never heard of, let alone have an account with.
  5. Jun 16, 2005 #4


    User Avatar
    Science Advisor
    Gold Member

    Some of them can look really convincing. I've had a few which actually greeted me with my own ebay user name, and all the links looked like they were on the ebay.co.uk domain. As usual, they were asking me to update my account details.

    Out of curiosity, I followed the links and entered some (fake) information (I made up a user name and password). Needless to say, it accepted it all, before asking me for my name, address, and credit card details. Urrrrm, no thanks!
  6. Jun 16, 2005 #5


    User Avatar
    Gold Member

    I think the reason why it showed your information is because of the cookies and cache stored. You can make it automatically display for the username, but they wont see it if you dont enter it.

    Also I will post a way to secure yourself from falling for another trap: a fake router that sniffs your traffic tunneled between you and any server. This is not a particularly new thing, but through the clever manipulation of meta headers you can hijack the traffic and redirect to a tunneled page which will record all your submitted information.

    That is why you should NOT use Internet Explorer. Get Mozilla Firefox. The address bar will show green if its SSL-secured, and show red if its NOT a secure connection.
    Last edited: Jun 16, 2005
  7. Jun 16, 2005 #6


    User Avatar
    Science Advisor
    Gold Member

    Nope, they just took a guess. My ebay user name is the same as an email address I have, although not the one related to my account!
  8. Jun 16, 2005 #7


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    It's not just e-bay that these people will use. I've gotten emails that supposedly came from my ISP that followed the same pattern. If you recieve any email from source of this nature, assume that it is a fraud. You can directly contact the site the email claims to be from. Just forward them the e-mail and ask for confirmation.
  9. Jun 16, 2005 #8


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    forward all such emails to


    ebay wants to know about these fraudlent emails this is the best way to help them deal with the problem.
  10. Jun 16, 2005 #9


    User Avatar
    Science Advisor
    Homework Helper

    The spelling and grammar have improved over their last scam, but it still looks like it was written by a foreigner using a XXXXXX to English dictionary (foreigners get pretty frustrated when they try to pull off scams involving zucchini - the American readers scratch their head and wonder "What the heck are courgettes?")

    Scarier are the ones that come from an English speaking country. Fortunately, any originating from the US get shut down pretty quick.

    It's always best to be suspicous of any links included in an E-mail, regardless of how well it's worded.
  11. Jun 16, 2005 #10

    Math Is Hard

    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Don't get phished!

    PayPal put together a nice little page on this topic:

    Protect yourself from fraudulent emails

    and here's their "10 ways to recognize fake (spoof) emails" advice

    1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." If you do not see your first and last name, be suspicious and do not click on any links or button.
    2. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
    3. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.
    4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
    - Direct you to a spoof website that tries to collect your personal data.
    - Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
    - Cause you to download a virus that could disable your computer.
    5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. PayPal never asks for personal information in an email.
    6. Deceptive URLs. Only enter your PayPal password on PayPal pages. These begin with https://www.paypal.com/
    If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
    Even if a URL contains the word "PayPal," it may not be a PayPal site. Examples of deceptive URLs include: www.paypalsecure.com[/url], [url]www.paypa1.com[/url], [url]www.secure-paypal.com[/url], and [url]www.paypalnet.com[/URL].
    Always log in to PayPal by opening a new web browser and typing in the following: [url]https://www.paypal.com/[/url]
    Never log in to PayPal from a link in an email
    7. [B]Misspellings and bad grammar. [/B] Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
    8. [B]Unsafe sites.[/B] The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
    9. [B]Pop-up boxes.[/B] PayPal will never use a pop-up box in an email as pop-ups are not secure.
    10. [B]Attachments.[/B] Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. PayPal will never email you an attachment or a software update to install on your computer.
    Last edited by a moderator: Apr 21, 2017
  12. Jun 16, 2005 #11


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Thanks Integral. I've just been deleting them.

    Oh, folks, there's a new one I just got yesterday that's pretty much the same message but uses Amazon instead of e-bay and I've seen them for PayPal before too. I only opened the Amazon one because I'm expecting an order at first just looked at the sender. The most obvious clues it was a fraud was the glaring typo in the subject line and in the greeting it read: "Dear AMAZON Customer" Yes, the sizing of "Amazon" was smaller than the rest of the greeting line, indicating to me there are more variations to come where different company names are inserted.

    It was also funny to read, because it said things like, "If you don't take action, sometime in the future your account might be difficult to use." (That's a paraphrase.) It was just funny because it was so wishy washy. Any real company suspecting fraud on your account will freeze it immediately.
  13. Jun 16, 2005 #12


    User Avatar
    Staff Emeritus
    Science Advisor

    Paypal is part of Ebay now. So if you get a fraudulent email (phish) from Ebay or Paypal, sent to the email address provided by integral. Most banks have a similar email address for reporting phish.

    I received the following from Ebay/Paypal after reporting several phish emails:

    The best defense against fake emails and Web sites is learning how to
    spot them. You can learn more about fake emails and Web sites through
    our Spoof Tutorial at the following Web page:


    One of the best tools to protect yourself from fraudulent (spoof) Web
    sites is eBay Toolbar with Account Guard. The Account Guard feature
    indicates when you are on an eBay or PayPal Web site and warns you if
    you are on a known spoof site. To learn more about eBay Toolbar with
    Account Guard open a new browser and type www.ebay.com/ebay_toolbar[/URL] into the address bar.

    We recommend that you keep your browser, operating system, and virus
    protection software up to date. Check for updates at the "Windows
    Update" link on [PLAIN]www.microsoft.com[/URL] and scan your computer for viruses

    If you think your personal information has been compromised in any way,
    you should take immediate steps to change your eBay, PayPal, and email
    passwords. You should also contact your bank to see if there has been
    any suspicious activity on your account. You can find more information
    about protecting your identity at the following help page:

    Last edited by a moderator: Apr 21, 2017
  14. Jun 16, 2005 #13


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    And if someone here has fallen for one of these and thinks their personal information has wound up in the wrong hands, you can file a "Preliminary Fraud Alert" with the major credit reporting agencies (for those in the U.S.). This will last 90 days. If you need to extend that, you can have one put on for 7 years. The longer term one requires you have a police report filed as proof of fraudulent activity, the 90 day alert does not.

    If you report to one credit reporting agency, they will contact the other two on your behalf, so you only need to do this once. You should also check your credit report regularly. It can take a month or two for fraudulent activity to show up on it. You're entitled to one free credit report from each agency per year, so you can get three free in a year if you go to each of the agencies.

    The three credit agencies' websites are:

    There's more information on each of those plus phone numbers. If your information gets into the wrong hands, beware of any further companies contacting you by email to "protect" your credit. They prey on the victims trying to charge you to do what you can do for free yourself.
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook