-
May 25th, 2006, 03:09 PM
#1
Junior Member
somebody goin' fishin'
I'm not absolutely sure, but this smells like a phishing scam to me. I haven't used my eBay account for awhile, but the other day I got this weird email from something saying it was eBay. The header on the subject line went like "A message regarding your eBay account", and it was from order@ebay.com which I suspect is a spoofed address. I'll include the text of the email below...
--------------------------------------------------------------------------------------------------------------------------
Dear eBay Member,
We have reason to suspect that your eBay account may be in use by an unauthorized party.
Your account has recently been accessed from a foreign country, while we understand that you may be on vacation or traveling abroad, eBay Security has a obligation to protect our user's security. Within 24 hours of this message, your account will be placed on hold to ensure your personal account safety. Verification of your specific account details will enable you to once again have full access to your eBay account.
To ensure that your service is not interrupted, please submit your billing information today:
http:// 200.86.73.171:83/.aw-confirm/ (Remove the "space" after http://)
Or contact eBay Member Services Team. We're available 24 hours a day, 7 days a week.
Regards,
eBay Team.
--------------------------------------------------------------------------------------------------------------------------
The IP locator on this site placed that address somewhere in Australia, however I also ran it on LACNIC and it came back to someplace in Chile. I was curious if anyone else has recieved any fishing attempts similar to this one.
-
May 25th, 2006, 03:29 PM
#2
You can report this to ebay.....
I get these and I dont even have an ebay account
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 25th, 2006, 03:31 PM
#3
There's your clue right there...
EBay isn't so lazy as to not create DNS records for their own domain... So the owner of the IP address is not going to be EBay or it would say something like "www.ebay.com" rather than an raw IP address.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
-
May 25th, 2006, 03:53 PM
#4
Junior Member
Yeah, that's what tipped me off. Considering the fact that the www.ebay.com domain is in San Jose, I wondered why in the hell they would have their security and abuse services hosted off a server in Chile.
-
May 25th, 2006, 05:29 PM
#5
Senior Member
...Outsourcing, maybe? Still, they would at least make the security and abuse servers a part of the ebay site, not a separate entitiy. Most likely a scam.
I know your type, you think "I'll just get me a costume, rip off the neighborhood kids". Next thing you know, you've got a jet shaped like a skull with lasers on the front!
-The Monarch.
-
May 25th, 2006, 05:48 PM
#6
I was about to give the old "No respectable company is going to send you an email asking you to click on a link and provide your billing information" line, but then I remembered that my two recent subscriptions to very mainstream, respectable magazines resulted in such emails. I deleted them, assuming they were a phish. Good thing they billed me by mail too.
Still, eBay knows better. If you get an email from eBay asking for account details, you can assume it's a phish.
Information wants to be a fireman when it grows up.
-
May 26th, 2006, 11:35 AM
#7
Banned
This is what happens when you click the "Buy" links for example. It takes you to some random Japanese error page.
http://www.ajc.org.hk/~tpsjc/ebay/error.htm
Also, when you fill out all your details. (I filled it in fake) It redirects you to the actual My eBay page.
http://my.ebay.com/ws/eBayISAPI.dll?MyEbayForGuests
-
May 26th, 2006, 11:56 AM
#8
Are you sure?
http://www.trendmicro.com/en/securit...ish050506a.htm
It looks like a variant of the above to me.
The
random Japanese error page
is the "Apex Junior Chamber of Commerce, Hong Kong"
EDIT: I would be inclined to check my "hosts" file for redirects if I were you:
http://www.sophos.com/virusinfo/anal...ojqhostsr.html
-
May 26th, 2006, 03:24 PM
#9
Aren't there some of these scams that use the filled in information to connect you to your account on the original site? That way it seems like you did go throught e-aby or your bank ect.....
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|