Another scam

[TWINSET]

Just received a mail, I checked my account, and it hasn't been suspended!

Mail came thru on 'ebay stationery;

Dear eBay User,

We recently noticed one or more attempts to login into your eBay

account from a foreign IP address and we have reasons to believe that

your account has been hijacked by a third party without your

authorization.

In order to protect your sensitive information or unauthorized listings we temporarily suspended your account for further investigations. To reactivate your account, click on the link below and confirm your identity by completing the secure form that will appear.

If you recently accessed your account while traveling, the unusual

login attempts may have been initiated by you.

Take our apologies for any inconvenience that this may cause.

Thank you

eBay Account Theft Prevention

http://signin.ebay.com/aw-cgi/eBayISAPI.dl...Name=h:h:sin:US

The log in attempt was made from:

IP address: 205.188.209.166

ISP host: cache-dq04.proxy.aol.com

[fury_dice(2)]

I don't quite understand how this scam would work, as the URL provided seems to be a valid ebay URL (just tried it with bogus details). Did you contact ebay directly yet?

[TWINSET]

I dunno then.

As soon as I received the mail, I tried signing on and selling, all that was ok.

I've checked other peoples feedback (where I have left it), and I'm not listed as 'not registered'

I've logged into ebay UK and .com, but there's nothing for me to do, I can access all my stuff as usual.

Wierd

[mrfreezeuk]

hi all

i had a similar email a few weeks back and i sent it to ebay uk and had a reply within about 1 hour...

it said that the url was not an official ebay one

it was http//

but they said it should be https//

the email also said that i would have my account suspended but ebay said ignore it, and that they wont ask any private info through email..

like passwords and usernames...

cheers

Dazz

[usapirap(2)]

That link is the same as the one you get when you click on the sign in link at top of ebay's home page. It's not https//. It's just regular http//. Have a look and you'll see.

[Tamiya Cowboy]

Yeah I just got one of these emails to and I was filling it out and rich "Biggus Ditchus" stoped me right before I was done! [:0]It is the 2nd one I have gotten in 6 months [!].... Thanks Twinset []I should of looked into it better..

[TWINSET]

http://signin.ebay.com/aw-cgi/eBayISAPI.dl...Name=h:h:sin:US

http://signin.ebay.com//aw-cgi/eBayISAPI.d...Name=h:h:sin:US

Compare the two; the top one, from the 'scam' has one slash after ebay.com, the lower one (proper ebay sign in screen from .com) has two - is that significant?

[usapirap(2)]

quote:Originally posted by TWINSET

http://signin.ebay.com/aw-cgi/eBayISAPI.dl...Name=h:h:sin:US

http://signin.ebay.com//aw-cgi/eBayISAPI.d...Name=h:h:sin:US

Compare the two; the top one, from the 'scam' has one slash after ebay.com, the lower one (proper ebay sign in screen from .com) has two - is that significant?

---

id="quote">id="quote"> That should not matter because the page is still hosted by the domain http://signin.ebay.com.

[netsmithUK]

Its hard to say from just this thread, but quite often the email use URL masking, ie the link you see in the body copy is not the link you go to when you click it, the html that the mail client renders contains the real link.

you see something like

ebay.com

the code in the page is actually

<a href="scammers.com">ebay.com</a>

It will appear like a link to ebay but take you somewhere else when you click it. You see an active link called ebay.com but if you click it you actually go to scammers.com. If the two domains appear similar enough then chances are most people won't notice.

Take a look at the actual source of your email for the real link, or compare the url of the page you jump to compare to the one you click on.

If you copy and paste the visible link in a browser it will be fine, you'll only see the mis direction work when you click on the link from the original email

Cheers

Chris

[WillyChang]

quote:Originally posted by TWINSET

... We recently noticed one or more attempts to login into your eBay account from a foreign IP address

---

id="quote">id="quote">

Hmm... why would eBay care what IP address you login from?

Some of us, the ones with diallup & non-static IPs would have a different one always.

Add also the times one checks in from net cafes, office PCs, friend's PCs, different ISP, proxy servers etc etc.

Tracking users' IPs would be a huge job.

[DJTheo]

Beware folks it is a scam!!!

Also got it and copied the link to another programs and its

http://signin.ebay.comeBayISAPI.dllSignIns...:sinUS

@musicianguitarist.com/GuitarsRLuse/login.html

It uses a stupid security hole of IE which shows the first part but goes to the last part after @ [!], read more here http://www.tamiyaclub.com/xforum/topic.asp...E,security,hole

Hope nobody gave his password, if so, contact ebay ASAP!

I already reported it to ebay.

The only thing which is safe, is always to log in into ebay by typing the ebay.com (or .whatever) URL yourself into the browser, never click on email links or copy and paste!

Cheers

[DJTheo]

Upadte!

5 mins later I got an email from Ebay confirming its a scam.

[terry.sc]

quote:Originally posted by netsmithUK

Its hard to say from just this thread, but quite often the email use URL masking, ie the link you see in the body copy is not the link you go to when you click it, the html that the mail client renders contains the real link.

you see something like

ebay.com

the code in the page is actually

<a href="scammers.com">ebay.com</a>

It will appear like a link to ebay but take you somewhere else when you click it.

---

id="quote">id="quote">

This is why ebay wants you to just forward the complete email to them, rather than copying and pasting the info into another email.

If you are unsure about any email from ebay just send it to spoof@ebay.com and they will get back to you. If it's genuine they will confirm it.

[dave.t1]

Hi,

I was cruising the web a couple of weeks ago and found some info on how dodgy web sites work. I seem to remember that you can put anything you like into the web address followed by an @ then the actual address. This means that <www.ebay/security.com@dodgy.site.co.uk> would actually go to <www.dodgysite.co.uk>. The web page format ignores anything before the @. Clever hackers could also hide the site by changing the way the last bit looks by using the IP address format, (i.e 255.193.14.197) or changing to a different number base. Ok so at this point I lost the thread a bit but bottom line is that you can be fooled easily if you are not carefull. If any one is interested in more info, I can try to find the site again and send the link to them.

[DJTheo]

Info about it is in the link I posted in the previous page (old thread)