The Museum of HP Calculators

HP Forum Archive 13


eMail from eBay
Message #1 Posted by Ellis Easley on 4 Aug 2003, 9:52 p.m.

Has anybody else ever received the following message from eBay?

Dear eBay User, During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete. As a result, your access to bid or buy on eBay has been restricted. According to our site policy you will have to confirm that you are the real owner of the eBay account by log in and complete the form that will pop up or else your account will be suspended without the right to register again with eBay. After you will login please verify your information in order to complete this verification. Thank you eBay Customer Support

The email contains a form that asks me to login. The form is part of the email, it's not downloaded - I can see the parts of the form with View, Message Source. I don't understand Java well enough to see what they are doing with the ID and password. It sure looks like it could be a scam to get my password so I didn't respond to it. But since there is no way to contact eBay, how can I find out if it is real? My ISP promises to never ask for any passwords or other confidential information except via a secure link. I realize when I login to eBay, I'm not using a secure link, but at least I know I WENT TO eBay in that situation.

      
Re: eMail from eBay
Message #2 Posted by Mark Hardman on 4 Aug 2003, 10:01 p.m.,
in response to message #1 by Ellis Easley

It most surely is a scam.

From the eBay help pages:

Safety Tips:

Be cautious of emails that ask you to submit personal information such as your credit card number or your eBay password. Some members have reported attempts to gain access to their personal information through email solicitations that are made to appear as having come from eBay. These solicitations will often contain links to web pages that will request that you sign-in and submit information. At eBay, we identify these as 'spoofed' emails or websites. Remember, eBay employees will never ask you for your password.

If you receive or suspect you have received such an email, do not respond to it or click the links. Immediately send a copy of it to spam@ebay.com.

To be sure that you are signing into a genuine eBay website, look at the Address/Location field of your browser. At an eBay Sign-In or log-in page, the URL (link) that appears in the Address/Location field of your browser will begin with "http://cgi.ebay.com/" or "http://cgi3.ebay.com/"

            
Re: eMail from eBay
Message #3 Posted by Ellis Easley on 4 Aug 2003, 10:16 p.m.,
in response to message #2 by Mark Hardman

Thanks, Mark! I've sent it to spam@ebay.com.

      
SCAM, SCAM, SCAM
Message #4 Posted by Mike on 4 Aug 2003, 10:14 p.m.,
in response to message #1 by Ellis Easley

All the images and links appear to be ebay links and images. In fact, some actually take you to ebay. All but one....

Go to the browser View->Source and search for the "submit" tag for the SUBMIT button. You will find that when you click the SUBMIT button on the form (don't actually click it), it sends the username and password to a CGI script, on a non-ebay domain.

There is also an email address visible in the source, as a parameter to the CGI script.

The one I had was on the Elvis.com domain.

I actually sent an email to this guy and he responded, "You are only slightly smarter than the others." Indicating that he was acknowledging it was a scam.

PS: The one I got, didn't do anything but email the username and password. It didn't capture anything except what was in the form. So, one could have written...

Username: BugOff Password: BiteMeDoughBoy

And he would have received that email...

Don't try this unless you verify that the email is otherwise harmless :-) (I'd advise against it altogether)

Edited: 4 Aug 2003, 10:18 p.m.
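
The check described in message #4 (find where the form's SUBMIT target really points) together with the address check quoted in message #2, as an added example that is not part of the original posts. The trusted suffix list, the sample HTML and its .example hosts are constructed for illustration and are not taken from the actual email.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: hosts the reader considers genuine.
TRUSTED_SUFFIXES = ("ebay.com",)

# Constructed sample, not the real message: eBay-looking links, one off-domain form.
SAMPLE_HTML = """
<html><body>
<img src="http://pics.ebay.com/logo.gif">
<a href="http://pages.ebay.com/help/">Help</a>
<form method="post" action="http://www.collector-site.example/cgi-bin/mail.cgi">
<input type="hidden" name="recipient" value="dropbox@mailhost.example">
<input type="text" name="userid"><input type="password" name="pass">
<input type="submit" value="Sign In">
</form>
</body></html>
"""

class FormAudit(HTMLParser):
    """Collects each form's action URL, hidden fields and password inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "hidden": {}, "password": False})
        elif tag == "input" and self.forms:
            kind = (a.get("type") or "text").lower()
            if kind == "password":
                self.forms[-1]["password"] = True
            elif kind == "hidden":
                self.forms[-1]["hidden"][a.get("name")] = a.get("value")

def host_is_trusted(url, suffixes=TRUSTED_SUFFIXES):
    # Compare the parsed hostname, so "ebay.com.x.example" and "user@host" tricks fail.
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)

def suspicious_forms(html):
    """Return forms that collect a password but submit to an untrusted host."""
    audit = FormAudit()
    audit.feed(html)
    return [f for f in audit.forms if f["password"] and not host_is_trusted(f["action"])]

if __name__ == "__main__":
    for f in suspicious_forms(SAMPLE_HTML):
        print("password form posts off-domain:", f["action"], f["hidden"])
```

The images and help link in the sample pass the host check; only the form target fails, which matches the "all but one" pattern described above.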

            
Re: SCAM, SCAM, SCAM
Message #5 Posted by Ellis Easley on 4 Aug 2003, 10:28 p.m.,
in response to message #4 by Mike

What damage could a person do with my account (other than cause me grief!) since I am not a seller? I guess he could bid on items as me, and get me kicked off Ebay - and if he had a lot of accounts, he could bid on and win auctions of people he has a grudge against, just to give them extra negative feedback. But how could he make money with extra accounts? Maybe if he is a seller, or is working with a seller, he could use my account to shill. I might be a good target for that because I haven't used my account for some time (I assume it is possible to track my activity) and if I had just responded to keep my account alive (I almost did!) someone could have bid in my name without my ever knowing, as long as "I" never won an auction. I'm beginning to believe that shilling is real! (Hey, man - shi***** happens!)

                  
Well, for one...
Message #6 Posted by Mike on 4 Aug 2003, 10:39 p.m.,
in response to message #5 by Ellis Easley

They could start buying everything in sight. Your negatives would start piling up, as you likely wouldn't want to pay for the Lexus and Jaguars that they might buy, in your name.

If there is any doubt, you should change your password, ASAP.

Before I analyzed that email, I immediately changed my password, just in case.

Edited: 4 Aug 2003, 10:39 p.m.

                        
Re: Well, for one...
Message #7 Posted by Ellis Easley on 4 Aug 2003, 11:01 p.m.,
in response to message #6 by Mike

I know Ebay always points out that a bid is a legally binding agreement. But other than losing my Ebay privileges, what other penalties would I be subject to because of bids that were made in my name without my knowledge - or even bids I made and chose to not honor? Are there any horror stories about this? What recourse would a person have if he got in such a position because he innocently (if stupidly) gave away his password in response to an email like this? Is it better or worse than identity theft (bank, credit card account, etc.) in general? I understand that is pretty bad - if it happens to you, getting out of it becomes your new career!

                              
Well, how about this
Message #8 Posted by Mike on 4 Aug 2003, 11:22 p.m.,
in response to message #7 by Ellis Easley

Suppose someone starts selling stuff on eBay, using your name. Of course you could cancel anything you didn't recognize. But say he offers great, "Buy-it-Now" deals, with paypal link, to his account. PayPal need not be related to eBay, whatsoever.

Then, people snap these up and he is paid.

You could be hassled beyond belief.

Example: A guy was selling Iraq 52 Cards for $9.99 per pack. He sold over 5,000 in one hour. That is $50K and he was paid via PayPal ONLY. He was legit, but what if he was using your account?

Hard to beat, "buy-it-now" are snapped up immediately. What if the SCAM guy decided to sell Nikon Digital Cameras for $100.00 (New in Box). He could probably SCAM hundreds before you knew what was happening. Once an auction ends, you can't cancel or change anything, including any bogus PayPal links in the auction.

Or, what if a guy sold a $100,000 Jaguar for $15,000. Someone might want to sue over that. Also, you'd be legally on the hook for eBay fees. You'd have to prove your case.

This is just one of many examples. Still, you might not be liable but if it's a lot, you could be sued or hassled.

Edited: 4 Aug 2003, 11:25 p.m.

                                    
is there any history of this -
Message #9 Posted by Ellis Easley on 4 Aug 2003, 11:36 p.m.,
in response to message #8 by Mike

- or has Ebay hushed it up as well as the banking industry has suppressed news reports about people being robbed at ATM's?!!!

                                          
Re: is there any history of this -
Message #10 Posted by David Smith on 5 Aug 2003, 2:21 p.m.,
in response to message #9 by Ellis Easley

If you have your credit card account registered with ebay the scum scammer would have it, etc.

