Results 1 to 9 of 9

Thread: somebody goin' fishin'

  1. #1
    Junior Member
    Join Date
    Jun 2002
    Posts
    13

    Question somebody goin' fishin'

    I'm not absolutely sure, but this smells like a phishing scam to me. I haven't used my eBay account for awhile, but the other day I got this weird email from something saying it was eBay. The header on the subject line went like "A message regarding your eBay account", and it was from order@ebay.com which I suspect is a spoofed address. I'll include the text of the email below...

    --------------------------------------------------------------------------------------------------------------------------

    Dear eBay Member,

    We have reason to suspect that your eBay account may be in use by an unauthorized party.

    Your account has recently been accessed from a foreign country, while we understand that you may be on vacation or traveling abroad, eBay Security has a obligation to protect our user's security. Within 24 hours of this message, your account will be placed on hold to ensure your personal account safety. Verification of your specific account details will enable you to once again have full access to your eBay account.


    To ensure that your service is not interrupted, please submit your billing information today:
    http:// 200.86.73.171:83/.aw-confirm/ (Remove the "space" after http://)
    Or contact eBay Member Services Team. We're available 24 hours a day, 7 days a week.

    Regards,
    eBay Team.

    --------------------------------------------------------------------------------------------------------------------------

    The IP locator on this site placed that address somewhere in Australia, however I also ran it on LACNIC and it came back to someplace in Chile. I was curious if anyone else has recieved any fishing attempts similar to this one.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    You can report this to ebay.....

    I get these and I dont even have an ebay account

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    There's your clue right there...

    http:// 200.86.73.171
    EBay isn't so lazy as to not create DNS records for their own domain... So the owner of the IP address is not going to be EBay or it would say something like "www.ebay.com" rather than an raw IP address.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    13
    Yeah, that's what tipped me off. Considering the fact that the www.ebay.com domain is in San Jose, I wondered why in the hell they would have their security and abuse services hosted off a server in Chile.

  5. #5
    Senior Member Kite's Avatar
    Join Date
    Jan 2005
    Location
    Underground Bunker, somewhere in Antarctica
    Posts
    109
    ...Outsourcing, maybe? Still, they would at least make the security and abuse servers a part of the ebay site, not a separate entitiy. Most likely a scam.
    I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
    -The Monarch.

  6. #6
    I was about to give the old "No respectable company is going to send you an email asking you to click on a link and provide your billing information" line, but then I remembered that my two recent subscriptions to very mainstream, respectable magazines resulted in such emails. I deleted them, assuming they were a phish. Good thing they billed me by mail too.

    Still, eBay knows better. If you get an email from eBay asking for account details, you can assume it's a phish.
    Information wants to be a fireman when it grows up.

  7. #7
    This is what happens when you click the "Buy" links for example. It takes you to some random Japanese error page.
    http://www.ajc.org.hk/~tpsjc/ebay/error.htm

    Also, when you fill out all your details. (I filled it in fake) It redirects you to the actual My eBay page.
    http://my.ebay.com/ws/eBayISAPI.dll?MyEbayForGuests

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Are you sure?

    http://www.trendmicro.com/en/securit...ish050506a.htm

    It looks like a variant of the above to me.

    The
    random Japanese error page
    is the "Apex Junior Chamber of Commerce, Hong Kong"



    EDIT: I would be inclined to check my "hosts" file for redirects if I were you:

    http://www.sophos.com/virusinfo/anal...ojqhostsr.html

  9. #9
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    Aren't there some of these scams that use the filled in information to connect you to your account on the original site? That way it seems like you did go throught e-aby or your bank ect.....
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •