« NASCAR TrackPass Now Available for Macintosh | Main | Google Weather »

ALERT *NEW EBAY SPOOF EMAIL* ALERT

In a previous tutorial (Citibank Phisher Scheme) I talked about spoof emails and phisher schemes and what you could do to avoid them. This morning (March 12, 2005) I fell for an eBay related phisher scheme. As you can probably imagine I started to panic the minute I realized what I had done.

In this tutorial I'll show you what you can do if you find yourself in the same predicament.

The first rule when checking email is (or should be) be suspicious. I have been doing a lot of selling on eBay recently and have been receiving a number of emails related to the auctions that I have been placing. I guess that's why I fell for this scam. In retrospect, there were a number of red flags that should have been raised as I went through this encounter (which lasted all of 5 minutes).

Here is the email that I received at 7:41 and 8:32 am on March 12, 2005 and below is the text of that email.

Dear easyauctions-wv,

During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your billing information.

This might be due to either of the following reasons:

1. A recent change in your personal information ( i.e. change of address).
2. Submitting invalid information during the initial sign up process.
3. An inability to accurately verify your selected option of payment due to an internal error within our processors.

Please update and verify your information by clicking the link below:

https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo

If your account information is not updated within 48 hours then your ability to sell or bid on eBay will become restricted.

Thank you

The eBay Billing Department .


Copyright © 1995-2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.

I made every rookie mistake during this entire transaction. I ignored the fact that I received two of the same message. I missed the fact that when clicking on the address in the email it took me to a completely different address. I neglected to verify that I was on a secure site. I forgot that eBay sends messages via your online account. I ignored the fact that my browser, which normally auto fills my user name, didn't.

With all of those red flags raised, I should have recognized the fact that this was a scam! But, I didn't and here we are. So, what did I do (what can you do) in the minutes after falling for this scam? I'll show you the steps I took to (hopefully) protect my account from any security breach that I may have caused.

Use my mistake and learn from it.

8:30am - Logged on to computer. Checked email, read message from "Service@ebay.com".
8:31am - Clicked on link to update and verify infomation. Typed in user name and password. Password was not accepted (Invalid).
View spoof site [image].
8:31:45am - Sinking feeling in stomach. Realization that I had just entered my user name and password on a spoof site.
8:32am - Went to eBay account, logged in, changed password.
8:33am - Called Dad to warn him about Spoof email.
8:40am - Searched eBay help guide for information on securing account. Found: Securing Your Account and Reporting Account Theft
8:42am - Took the following steps to secure the account:

  • Requested a new eBay password
  • Reviewed contact information within my eBay account to verify that it had not changed.
  • Changed the secret question and answer on my eBay account.
  • Searched my account for active bids or listings that were unauthorized.
  • Reported spoof email to eBay [spoof@ebay.com].
  • Changed password on PayPal account (just to be sure).

eBay got back to me quickly regarding the spoof email and verified that it was not sent by them, confirming my colossal blunder.

By about 9am I started to feel better that everything was going to be okay. I believe I caught the problem quickly enough. By responding to the email in the first place I've probably opened myself up to getting more and more spoof emails like this one.

For more information on how to protect yourself visit the following links, and keep your skeptics hat on.

eBay.com: Email and Websites Impersonating eBay
eBay.com: Suggestions for Minimizing Unwanted Email
eBay.com: How to Spot Spoof (Fake) Emails (Tutorial)

Posted by gBrad on March 12, 2005 08:54 AM | Permalink

Social Bookmarking

Add to: Linkarena Add to: Digg Add to: Del.icio.us Add to: Reddit Add to: Simpy Add to: StumbleUpon Add to: Slashdot Add to: Netscape Add to: Furl Add to: Yahoo Add to: Google Add to: Blinklist Add to: Blogmarks Add to: Technorati Add to: Newsvine Add to: Ma.Gnolia Add to: Netvouz Information

Comments

Brad, I fell for one saying someone in a european county had been trying to use my info, and did even worse than you, i entered my credit card number and my husbands ss#. Now what do I do.

Posted by: Marilyn Miller | March 21, 2005 05:46 PM

I would definitely contact my credit card company and let them know.

Also, here is the Federal Trade Commission's website about ID Theft. They have some suggestions of things that can be done:

http://www.consumer.gov/idtheft/

Posted by: G. Brad Hopkins | March 22, 2005 10:19 AM

I just did exactly same as you Brad.
Then searched google for help.
Found your site and followed your steps.
Am now awaiting ebays reply.
Made blunder 15 mins ago.
Took immedaiate action, firstly by changing ebay password.
Thankfully like you I wised up once the credit card verification screen came up.
Cheers Phil (UK).

Posted by: phil | April 4, 2005 07:43 AM

I go to http://www.ebay.com then I sellect "sign in" the address says "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType
=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame
=&ruparams=&ruproduct=&sid=&favoritenav=&migrateVisitor=

If I see anything different from the above, I know it's bogus.

Here's a new place that sent me about a dozen requests for ebay and paypal info
Do Not put anything in these!
Paypal; http://home.pufs.ac.kr/~together/zeroboard/paypal/index.html Then for bogus eBay;
http://home.pufs.ac.kr/~together/zeroboard/si.php


The two above may be gone now thanks to AltaVista's babelfish translator. I told the owners in Korean that someone was stealing information and gave them the two links. Guess that takes care of them !
There was a group of programmers who had a site called the OS_Crew and some or all had a special set of eBay files that collected personal info from unsuspecting users of eBay. The had a member's list and acrivity pages but no outward appearace of spoofing. The owner of the site was responsible for whatever his members did wrong though and I believe the FTC shut him down. A link in the spoofs that I was getting awhile back started out with his IP address and I just entered http://(and then the numbers,like)24.210.235.120) or 211.233.13.173 for example, which are both dirty, and got his main page. To get the files, I clicked on the link and deleted the last item in the address it went to. It doesn't work every time but it can and has for me. Curiously, the html is so sloppy that my email only shows the source and not how it should appear. A perk for me. I try to find the sites providing refuge for the spoofers and then convince them into shutting them down.
Some goofs actually author their work and are easy to cacth. I turned one in to the company who actually wrote the software he was using to steal info and was dumb enough to put his name within the html source stuff. Oh, one last thing. I have all of the OS_Crews or Crew_OS 's files in a ".tar" file that they had there. It has all the items and folders necessary for a bogus eBay sign in page system. If you wish it, Brad, I can e-m it to you, or not.

Posted by: Fred Smith | May 12, 2005 01:59 PM

I've been spoofed twice now in the last two weeks. The first time I did fall for it but then realised that some of the information they were asking for like my Debit card pin number was clearly information that I hadn't given them in the first place so stopped filling in the form and then changed my passwords on everything including my email addresses and then reported it to ebay! The second time I realised that it was a spoof and reported it to ebay straight away!

Posted by: John | May 15, 2005 09:24 AM

The same happened to Me ,I live in the UK,I had been late in paying ebay fee's and was asked to pay them by ebay, all of this was legitimate,then a day later I had another email that my ebay account had been suspended,and my limit for selling or buying was £15.00,I sent an email to this spoof email fraudsters saying I found this email somewhat suspect,24 hors later they responded,saying " they understand my concerns",very kind of them,all of this I reported to ebay,they asked me to forward the emails on to them,thus I saved myself by the skin of my teeth,I would love to send them 10,0000 emails so there sight might just crash.Phew.

Posted by: James Bond | May 20, 2005 07:33 PM

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Recent Entries


Category RSS/XML Feeds

Internet Tutorials
Mac Tutorials
Misc. Stuff
PC Tutorials
Site News
Web Design Tutorials

AskMe: Have a computer Q?

Send me an email: brad -at- gbradhopkins dot com