PDA

View Full Version : Warning to EBay members



Fran Crimi
08-07-2003, 08:55 PM
Yesterday I received an e-mail from EBay stating that during a routine verification process it was discovered that my account information was incomplete and I needed to update it in order to be able to buy or sell in the future.

They linked me to a form to fill out. The form had the EBay logo on top with several links back to the EBay site; all very authentic looking....except for one thing: The form asks for your EBay user name and password, your credit card info, your (get this one) bank account number and your mother's maiden name. I don't think so.

So I filed a fraud report with EBay and they responded that it was a fraudulant "spoof" e-mail.

So it seems you can't trust the "from" field in e-mails anymore, and they've got it down so well that they'll link you to a fake website that imitates the real thing.

Scary, isn't it?

Fran

Hopster
08-07-2003, 09:21 PM
The thieves keep getting better and better. Any notices like that at all and you would be wise to check with the site itself before taking any action.
Doesnt anyone rob a bank with a mask and a gun anymore ??? /ccboard/images/graemlins/grin.gif

Nightstalker
08-07-2003, 09:27 PM
Nope, too risky! /ccboard/images/graemlins/grin.gif

WesK
08-07-2003, 10:59 PM
Good catch.

I'm glad that you didn't get stung.

wes

Ken
08-08-2003, 06:53 AM
A while back I got a notice seemingly from Paypal saying that because I had not used the account for a while I would have to verify my info. I ignored it because I knew I would be using the account soon. Now I'm beginning to wonder if it was legit or not.
KenCT

Barbara
08-08-2003, 07:04 AM
Fran,

It happened to me, too. But I was onto it. First, the email stated that my account was being "hacked into" and that I needed to re-verify my info - username, password, credit card, the whole gamut. It did look official - it was from "Security@ebay.com". But what tipped me off was that the email came to my business email address and that's not the address I have registered with eBay.

So I forwarded the email to customer services at eBay and they wrote me back this:

"Hello,

Thank you for your email regarding the email you received that appeared
to be from eBay.

This past week, our members have been subjected to a massive onslaught
of fraudulent emails that are trying to fool members into providing
sensitive financial information. Some of the most recent emails appear
to be coming from eBay, PayPal, AOL, Earthlink and Hotmail. Some of
these emails claim that eBay has partnered with Yahoo, Earthlink, AOL
and Hotmail. Others have claimed that you are suspended, that you need
to verify your account and that eBay had a "glitch" in our database.
Other emails have also claimed that you have won a prize, earned an
orange star, ask you to "log in" to your account, accuse you of having a
corrupted or "frauded" account and some even threaten suspension.

If this describes the email you received, please do not submit
information. If you want to check the status of your account, do so by
going to the eBay homepage and logging into your "My eBay" page. You can
access all of your account information from the tabs found inside your
"My eBay" pages.

Next, if you did submit information, please take steps to protect your
information quickly. You may need to contact your bank, your credit card
issuer and other financial institutions. You should also quickly change
your eBay password. If this is not possible, please write back
immediately with the details of your particular case. Please use the
following subject line if you find your account password has already
been changed:

eBay SafeHarbor Department TK91014

Please remember that eBay will NEVER ask you for private information,
including credit card information or passwords, in an email. You will
always be directed back to the eBay site to enter information. More
information about account security can be found at the following
address:


http://pages.ebay.com/help/account_protection.html?ssPageName=CMDV:AB000
8

From now on you will need to be extra careful in determining if an email
is really from eBay. Please allow me to give you some pointers:

1. All official eBay communication will have the "e" in lower case
and the "B" in upper case. This includes instances where eBay is used at
the start of a sentence, but excludes the lower cases used in email
addresses.
2. eBay will never ask you to "sign in" to your eBay account with
links provided inside of an email. The only exception is with a few
billing emails. In all cases, you may still sign in to eBay to access
your account. We will never demand that you only sign in through the
link in the email.
3. We will never direct you to a site outside of eBay to enter
sensitive financial information.
4. We will NEVER ask for you social security number, pin number,
mother's maiden name or eBay password or email password. We do not use
this information for eBay. (Please note however, that if you ID verify,
they will require some sensitive information, as well as setting up a
seller's account on eBay.)
5. If in doubt, first submit "bogus" information. If the form
accepts it, then you know it's a fraudulent site. In these cases, you
may report any live sites to spoof@ebay.com.
6. eBay no longer gives out email addresses, but instead directs
members to our webform. If you still have questions or concerns, contact
eBay through our web form below. It is better to take the chance of
being suspended than being the victim of identity theft.

http://pages.ebay.com/help/basics/select-RS.html

If this email did not address your concern, please do not hesitate to
write back. The easiest and fastest way to get emails to the correct
department is to use our help center. There is a help tab at the top of
all eBay pages.

We apologize for any confusion this message may have created for you and
we appreciate your efforts in helping keep eBay a safe trading place.


Regards,

Ian
eBay SafeHarbor
Investigations Team
______________________________
eBay
Your Personal Trading Community (tm)

*******************************************

Important: eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account numbers, Social
Security numbers, etc.) in an email. Learn more account protection tips
at:

http://www.pages.ebay.com/help/account_protection.html
_____________________________________________

For our latest announcements, please check:

http://www2.ebay.com/aw/announce.shtml

Yep, it's a fraud!

Barbara
_____________________________________________

Fran Crimi
08-08-2003, 08:32 AM
Hey Hopster,

Before I took the plunge to teach pool full-time, I used to investigate white collar criminals. Defense lawyers would hire me to figure out what their clients "allegedly" did and how they did it, since they would always deny any wrong-doing.

One of my favorites was a Senior VP who embezzled 19 million over three years from the major brokerage firm that he worked for. He got nailed by a new clerk the first day on the job who pointed to one of the phony transactions and asked his supervisor, "Is this okay?" LOL! What a way to go.

I heard later that he was in good company up at the big house. His cellmate was Michael Milken. /ccboard/images/graemlins/grin.gif

Fran

Hopster
08-08-2003, 09:20 AM
<blockquote><font class="small">Quote Fran Crimi:</font><hr> Hey Hopster,

Before I took the plunge to teach pool full-time, I used to investigate white collar criminals. Defense lawyers would hire me to figure out what their clients "allegedly" did and how they did it, since they would always deny any wrong-doing.

One of my favorites was a Senior VP who embezzled 19 million over three years from the major brokerage firm that he worked for. He got nailed by a new clerk the first day on the job who pointed to one of the phony transactions and asked his supervisor, "Is this okay?" LOL! What a way to go.

I heard later that he was in good company up at the big house. His cellmate was Michael Milken. /ccboard/images/graemlins/grin.gif

Fran <hr /></blockquote>

Hey Fran
I bet the guy still has a good piece of the pie put away and like Milken probably just did token jail time. Just like with Enron, i bet none of those guys do more than 5 years max and look at what they got away with.
But that is funny, what a way to get nailed. Who was doing the investigating before the kid got there, Stevie Wonder ?? lol

Fran Crimi
08-08-2003, 03:57 PM
Barbara, I got a similar letter. The second-half was the same as yours with a slightly different first-half.

Fran


Hello,

Thank you for writing regarding the email you received.

The message you received was not sent by eBay nor was it endorsed by us
in any way. By altering the reply-to address for this email, this
message may appear to have come from an eBay email address, when it
actually came from an external email address. This also means that
hitting the reply to button will send the message to the altered email
address in the reply to field. This process is commonly referred to as
"spoofing."

Please rest assured that your account standing has not changed and that
your auctions have not been affected. We are currently investigating
the source of the email. Although we are unable to provide specific
information regarding the result of our investigation, let me assure you
that eBay does take these matters seriously. We work closely with ISPs
to remove these sites quickly....

Fran Crimi
08-08-2003, 04:10 PM
<blockquote><font class="small">Quote Hopster:</font><hr>
Hey Fran
I bet the guy still has a good piece of the pie put away and like Milken probably just did token jail time. Just like with Enron, i bet none of those guys do more than 5 years max and look at what they got away with.
But that is funny, what a way to get nailed. Who was doing the investigating before the kid got there, Stevie Wonder ?? lol <hr /></blockquote>

You're right on the money with that. Clinton pardoned Milken just before leaving office in '94. I wonder if Milken's going to be contributing to Hillary's presidential campaign---through a third party, of course. /ccboard/images/graemlins/wink.gif

The other guy did 5 years and paid back all but a measly 6 mil that he seemed to have misplaced.

Fran