cybercrusader Posted August 19, 2003 Report Share Posted August 19, 2003 This past weekend I got a very UNSUSPICIOUS looking email. It was (or looked like it was) from eBay and it asked me to click on the link to update my account information. When I clicked on the link I was taken to a weird URL, ie. not eBay's site. The link asked for my credit card info and social security number. I knew it was bogus the minute I saw the request for the social security number.The damn thing looked REAL. eBay logo and all. Very, very official looking. I did a little research and came up with the following notice on the eBay announcement board:***Protect Yourself From Spoof Emails*** Date: 08/14/03 Time: 10:22:37 AM PDT Some Community members have received deceptive emails claiming to come from eBay. Fraudsters who send these emails hope that recipients will reply or click on a link contained in the email and then provide personal information (i.e., eBay passwords, social security numbers and credit card numbers). We refer to these emails as "Spoof Emails". We encourage you to be cautious when responding to any email request for personal information. Remember, if you are ever asked to provide information to eBay, you can simply open a new browser, type www.ebay.com, sign in, and use the Site Map to navigate the site. You can also take a few simple steps to protect your account and prevent senders of spoof emails from doing harm: 1. Be sure you are on an eBay page -- It is generally not a good idea to click on links in an email. However, if you do, be sure that you are signing into a genuine eBay web site by looking at the address/location area of your browser. At an eBay.com sign-in or log-in page, the URL (link) that appears in the address/location area of your browser will begin with "http://cgi.ebay.com/", "https://scgi.ebay.com/" or "http://signin.ebay.com/". Please pay close attention to all characters in the address, including the forward slash (/) that follows "ebay.com". Even if the address/location includes the word "ebay", it may not be a genuine eBay web site. 2. Report Fraudulent Email -- If you have any doubt whether an email is from eBay, use your email client’s "forward" feature to forward a copy of it to spoof@ebay.com immediately with full header information, if possible. If you have already replied to the fraudulent email, contact your bank and/or credit card companies immediately to prevent identity theft. 3. Check Your Account -- eBay recommends checking your My eBay and Account Preferences periodically to ensure that no one has tampered with your account. Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace. For more information on how to protect your eBay password and your account, please visit the eBay Security Center. You can access the Security Center by clicking on Help from the Navigation Bar at the top of every eBay page, then clicking on the "Security Center" link. Regards,eBayThese dirtbags are getting real slick. Be sure to double check and triple check any email you get requesting your personal credit card info. Apparently, this even applies to companies we "trust" doing business with. Link to comment Share on other sites More sharing options...
kb9tbq Posted August 19, 2003 Report Share Posted August 19, 2003 Thanks so much for posting that, had a lady call me after the fact of having completed one of these - then she thought better of it unfortunately.I knew I had heard of this happening, but had not seen up until now - anyone else mentioning here about this problem. Link to comment Share on other sites More sharing options...
cybercrusader Posted August 19, 2003 Author Report Share Posted August 19, 2003 No problem....I consider myself to be somewhat observant, but this email REALLY had me fooled for a moment. It's "unbelievable" how authentic it looks. Link to comment Share on other sites More sharing options...
cybercrusader Posted August 19, 2003 Author Report Share Posted August 19, 2003 eBay responded to me with the following email:Thank you for contacting eBay's Trust & Safety Department about an email you received from an address that includes '@ebay.com' but that may not be an authentic email from eBay. We will investigate this situation immediately.Please be advised that there have been cases where people have attempted to gain access to an eBay member's personal information by sending "spoof" emails. Spoof emails intentionally give the false impression that they have been sent by eBay to solicit people to transmit their account information. Based on your inquiry to eBay's Trust and Safety Department, the email you received was likely a spoof. eBay is very concerned about spoof email and is taking prompt action to address the issue. If you think you may have entered personal information into a spoof site, we advise you to review the information at the web address below, which contains more detailed information about the following steps: http://pages.ebay.com/help/confidence/problems-identity-theft.html1. Change your eBay password and email account passwordPeriodically changing your password is one of the most effective ways to maintain security on any Web site. If you think there is a possibility of a breach in your account security, we strongly suggest that you begin by changing your password.2. Forward the email to Spoof@ebay.comIf you haven't already done so, please forward a copy of the email, (which will include the full header), to spoof@ebay.com. Forwarding the email will help us investigate this matter more quickly. Please do not forward the email as an attachment or alter the subject line in any way. For more information on how to identify a header, please visit: http://pages.ebay.com/help/basics/information.html3. Protect your identityIf you entered information such as your social security number or credit card numbers into a web site that you were directed to via a spoofed email, you need to take immediate action to protect your identity. The following web sites have valuable information on the steps you should take to protect yourself: eBay Help: http://pages.ebay.com/help/confidence/problems-identity-theft.html U.S. Government ID Theft Site: http://www.consumer.gov/idtheft/victim.htm BBB ID Theft Site: http://www.newyork.bbb.org/identitytheft/newscams.htmlAs we move forward with our investigation, we will contact you if we need further information. In order to dedicate resources to investigating this type of situation, please submit any other questions or concerns through our Help System, which can be accessed by clicking on the Help button at the top of any eBay page. *Please do not respond to this email as your reply will not be received. If you need to contact us again, please use the eBay Help system.We appreciate your efforts in helping keep eBay a safe online marketplace. Regards,eBay Trust & Safety Team Link to comment Share on other sites More sharing options...
Recommended Posts