eBay ALERT - eBay Shoppers Identity Theft attempt
On Saturday, I received an email purportedly from eBay. The actual text of the message was a jpeg, not plain text. If you clicked anywhere on the message, you clicked through to a page that was not the link stated in the email.
Date: Sat, 6 Sep 2003 06:54:51 -0400
From: ebay <user-support3@ebay.com>
To: Merry <merry@net-thing.net>
Reply-To: ebay <user-support10@ebay.com>
Sender: ebay <user-support6@ebay.com>
Subject: 0fficial Notice for all E-Bay usersDear eBay User,
During our regular update and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete.
As a result, your access to bid or buy on eBay is restricted. To start using your eBay account fully, please update and verify your information by clicking below :
scgi.ebay.com
Regards,
eBay
**Please Do Not Reply To This E-Mail As You Will Not Receive A Response**
I clicked on the link (which was really a jpeg with the real link concealed.)
The actual webpage I was taken to is:
(Don't click on this link, it may actually try and steal info from your computer or download some spyware program)
211.217.224.102:4901/stats/
This is the text on that webpage:
For security reasons the following information must be confirmed.
eBay User ID_______________
You can also use your registered email.________________
Password____________________
Please re-enter your complete name and confirm your
Date of Birth: _____________________
First name__________________
Last name___________________
Date of birth_______________
Year________________________
Please re-enter your Social Security Number (SSN) (The SSN consists of nine digits, commonly written as three fields separated by hyphens:
(AAA-GG-SSSS)__________________
Important: In order to prevent any fraudulent activity from occurring we strongly advise you to specify an alternative eBay password. This process allows us to give back sole control of the account to you in case something goes wrong with instructions regarding the account and its future safety.
Alternative password (6 character minimum)_________________
***Please note that when choosing a password we strongly recommend that you choose a password that can be easily remembered.***
Please confirm your credit or debit card on file to help verify your identity. Your information is kept safe and private.
Credit or debit card number _______________________________
Visa, Mastercard, American Express, or Discover
Your card will not be charged!
Expiration date_________________
Please make sure your card expiration date is correct.
If your card has expired, please enter another one.
CVV2 code ________
The CVV2 code is the three-digit code on the back of the
card following your credit card number.
ATM PIN (Bank Verification) #:_______
|SUBMIT| (button)
After seeing what personal and financial information that NO ONE should give out, a red flag went up.
I sent an email to eBay.
===================
From: merry@net-thing.net
To: eBay Customer Support
Sent: Saturday, September 06, 2003 10:23 AM
Subject: Re: 0fficial Notice for all E-Bay users
I received the following email. I clicked on the link; the webpage has an eBay logo, but no eBay address. The link is : 211.217.224.102:4901/stats/
Is this a valid ebay email? Email fraud and theft identification are so prevalent that this email could be from anyone.
If this is a new eBay policy, I think you should rethink it.
Sincerely,
Merryfield XXXXXXXX
Today I received a reply from eBay:
From: "eBay Customer Support" <cswebform@ebay.com>
To: "Merryfield" <merry@net-thing.net>
Sent: Sunday, September 07, 2003 1:32 AM
Subject: RE: SP91011 your recent report to eBay's Trust and Safety Department (KMM89743946V12667L0KM)
Hello,
Thank you for contacting eBay's Trust and Safety Department about email
solicitations that are falsely made to appear to have come from eBay.
These emails, commonly referred to as "spoof" messages, are sent in an
attempt to collect sensitive personal information from recipients who
reply to the message or click on a link to a Web page requesting this
information.
The email you reported did not originate from, nor is it endorsed by,
eBay. We are very concerned about this problem and are working
diligently to address the situation. We are currently investigating the
source of this email to take further action. You may rest assured that
your account standing has not changed and that your listings have not
been affected.
We advise you to be very cautious of email messages that ask you to
submit information such as your credit card number or your email
password. eBay will never ask you for sensitive personal information
such as passwords, bank account or credit card numbers, Personal
Identification Numbers (PINs), or Social Security numbers in an email
itself. If you ever need to provide information to eBay please open a
new Web browser, type www.ebay.com, and click on the "site map" link
located at the top the page to access the eBay page you need.
If you have any doubt about whether an email message is from eBay,
please forward it immediately to spoof@ebay.com and do not respond to it
or click on any of the links in the email message. Please do not change
the subject line or forward the email as an attachment.
If you entered personal information such as your password, social
security number or credit card numbers into a Website based on a request
from a spoofed email, you need to take immediate action to protect your
identity. We have developed an eBay Help page with valuable information
regarding the steps you should take to protect yourself.
To get to the "Protecting Your Identity" Help page from the eBay site,
please click on the "help" link located at the top of most eBay pages
and select the following topics when the "eBay Help Center" window
appears:
Safe Trading > If Something Goes Wrong > Identity Theft
We encourage you to review additional information about protecting your
identity found in the eBay Help system. Please click on the "help" link
located at the top of most eBay pages and select the following topics
when the "eBay Help Center" window appears:
Safe Trading > If Something Goes Wrong& > Account Theft > Account
Protection
Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that eBay remains a safe and vibrant
online marketplace.
Regards,
Ian
eBay SafeHarbor
Investigations Team
______________________________
eBay
Your Personal Trading Community (tm)
*******************************************
Important: eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account numbers, Social
Security numbers, etc.) in an email. Learn more account protection tips
at:
pages.ebay.com |
