SCAM WARNING TO ALL EBAY USERS!!
or "A Story About How You Can Learn From
My Mistake"
Background
After a bit of soul searching,
I have decided to use this page to share my recent experience
on eBay. It is my hope that by sharing my experience, someone
else might be spared all of the aggravation.
I assure you that I’m
not a novice at eBay, computers or the Internet.
I am even considered to be somewhat of a “techno-geek” (Web
and Graphics Designer, Network Administration, software
management/development, etc.). I have been a member of
the eBay community since 1999. eBay has brought much joy
and, yet, introduced a few bad experiences, as well. (Three
to be exact, in all of my transactions.) I have met some
of the kindest people through eBay -- people I never would
have met without the Internet.
Now, however -- I have
been force-fed a CONSIDERABLE AMOUNT of enlightening
skepticism. Unfortunately, I'm going to have to hold on
to that from now on. It's mine and it will stay mine.
I, like everyone else,
have read about the scams circulating that target people
using eBay, PayPal, and other highly-trafficked sites.
I've read about the unfortunate stalkings that have
occurred, the identity thefts. My feelings of sorrow ALWAYS
went out to the victims of these crimes of fraud. It's
stealing innocence and honesty. That's a horrible thing
-- to take something from someone, blindly, never knowing
or caring exactly HOW you are affecting them. In fact,
these thieves never know ANYTHING about the victims, their
lives, what they are going through on a human level --
ANYTHING. All that they care about are intimidation and
their own concept of a get-rich-quick scheme ... at ANYONE
else's expense.
In my opinion, it takes
a hollow, empty person to blindly affect Internet Fraud
on the unknowing and the unwilling. On those who are living
and leading a straight and honest life. Those who are intent
on adhering to "the rules," remaining mindful
and concerned about fellow humans -- and their feelings
and opinions.
eBay was originally created
as a community of individuals who liked to provide a marketplace
for those who were searching and those who were selling
unique items. As of late, the innocence of the mission
is beginning to tarnish -- at no fault of eBay's. It's
the fault of those who make a living abusing for their
own profit, at the cost of anything.
To my surprise, in spite
of my computer and Internet savvy -- I was caught in a
scam. If *I* can be caught, anyone can. Fortunately, however,
I'm not an idiot. So far, I have managed to entirely thwart
the illegal activities of the
person who was intent on defrauding me. Read on.
>>> top
The
(Almost Unnoticed) Beginning of the Scam
On January 21, 2003, I
was the receiver of a FRAUDULENT eMail that
appeared to be from eBay (I am including the Internet
Header info included below) stating "Your
account has been inactive for a substantial period
of time. Due to our scheduled maintenance we are reviewing
the accounts. If you want to continue using our system
please go to the URL below to confirm: (please use it exactly
as is including all trailing fullstops)." A link
was provided to complete the confirmation. (The
link is no longer active -- they have been shut down by
their ISP. Thanks go to another fellow eBay'er who knew
about my situation. This quick thinking likely saved someone
else from falling victim.)
I have taken off of work
for a few weeks, and am remaining at home caring for a
very ill relative who just had major surgery. The surgery
was January 15. The eMail was January 21. I normally live
with my computer attached as an appendage, but the care
for my relative had made it so that I had not logged on
to the computer/Internet in days. When I did, it was only
to make sure I had no important messages.
I found a message "from
eBay," (which of course, ultimately proved to be not
from eBay at all).
So, I scowled and growled
at the annoying/offending message, somewhat cursed eBay’s
name and said, “What are they talking about? I haven’t
been ‘inactive!’ It's only been a few months!!” Blah
blah blah.
HEADER |
Return-path: <www@host30.christianwebhost.com>
Received: from bright17. (bright17-qfe0.icomcast.net [172.20.4.171])
by msgstore03.icomcast.net
(iPlanet Messaging Server 5.2 HotFix 1.07 (built Nov 25 2002))
with ESMTP id <0H9300E7RBJ0KP@msgstore03.icomcast.net> for
[my email]@ims-ms-daemon; Tue, 21 Jan 2003 19:47:24 -0500 (EST)
Received: from mtain03 (bright-LB.icomcast.net [172.20.3.155])
by bright17. (8.11.6/8.11.6) with ESMTP id h0M0lMY07669 for
<@msgstore03.icomcast.net:[my email]@comcast.net>; Tue,
21 Jan 2003 19:47:23 -0500 (EST)
Received: from host30.christianwebhost.com
(host30.christianwebhost.com [209.239.41.120])
by mtain03.icomcast.net (iPlanet Messaging Server 5.2 HotFix
1.07 (built Nov
25 2002)) with ESMTP id <0H93000QMBITJ3@mtain03.icomcast.net> for
[my email]@comcast.net (ORCPT [my email]@comcast.net); Tue,
21 Jan 2003 19:47:17 -0500 (EST)
Received: (from www@localhost) by host30.christianwebhost.com
(8.11.6/8.11.6)
id h0M0lHW12955; Tue, 21 Jan 2003 19:47:17 -0500
Date: Tue, 21 Jan 2003 19:47:17 -0500
From: aw-confirm@ebay.com
Subject: Please confirm your FREE membership
To: [my email]@comcast.net
Message-id: <200301220047.h0M0lHW12955@host30.christianwebhost.com>
Original-recipient: rfc822;[my email]@comcast.net |
| BODY |
Dear
eBay member [NOTICE THE GENERIC ‘eBay
Member’],
Your
account has been inactive for a substantial period
of time.
Due
to our scheduled maintenance we are reviewing the
accounts. If you want to continue using our system
please go to the URL below to confirm: (please
use it exactly as is including all trailing fullstops)
http://cgi3.ebay.com@64.176.128.170/eBayISAPI.dll?&MfcISAPICommand=EnterConfirm&
UsingSSL=0&pUserId=&ru=445&ap=0&dz=1
[this link is no longer
active -- they have been shut down by their ISP.
Thanks go to another fellow eBay'er who knew about
my situation. This quick thinking likely saved someone
else from falling victim.]
Thank
you very much for your cooperation!
eBay
Customer Support
Remember:
eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account
numbers, social security number, etc.) in an email.
Copyright
1995 - 2002 eBay Inc. All rights reserved. Designated
trademarks and brands are the property of their
respective owners. |
|
Screenshot
of Fraud Page
Looks Legitimate ... Don't you Agree? Read
On ... |
|
|
Upon clicking on the link,
I was taken to a page that APPEARED to be eBay -- included
eBay Logos, links, search, etc. So, I completed the form,
and hit the "continue" (submit) button. I did
not notice that the link had redirected me to a fraudulent
site. I was exhausted and worried -- my life was upside
down due to my family member's illness.
>>> top
Everyone
is Vulnerable
What I’m trying to
say is that you don’t have to be stupid, an
idiot, gullible, foolish, or ignorant to ‘fall for’ and
reply to these messages -– and or to follow its
directive in confirming the the requested information.
It can simply be that someone is highly
distracted
by life’s events. (In my case, I supplied only eBay
UserID and password -- no
credit card info, but even that little bit of information
was enough to cause a HUGE problem).
>>> top
The
Day It All Broke Loose
I truly never would have
given it a second thought (in fact, I hadn’t), if
January 27, 2003 hadn’t proven to be one of the most
interesting eMail days I’ve ever had.
When I log on to my computer,
a program -- SpamKiller --
starts that accesses all of my eMail accounts, checks for
new messages, screens all received messages, and filters
out any that are identified as SPAM. The rules of defining
the SPAM can be created manually by the user and/or by
subscribing to and checking for regular updates
from the software seller (it used to be
a private
company; the software was sold to McAfee recently). The
program additionally provides Symantec's Norton AntiVirus
with the opportunity to scan the eMails for viruses --
before they are ever downloaded to your eMail client (your
eMail box).
On January 27, 2003, my
eBay password and ID were effectively "hijacked" for
39 minutes. The person(s) who stole the information were
able to post ONE fraudulent auction -- THREE MINUTES BEFORE
I CHANGED MY PASSWORD. They attempted to steal my identity
and were responsible for my receiving over 3,000 spam
emails. This onslaught of eMail was directed at my account
in an attempt to keep me from noticing that
I had received a note from eBay -- confirming that "I"
had accessed my eBay account and that my eMail address
had been changed.
THAT was the cause
of the "39-minute delay" in changing my password.
Because it took so long to download the messages (and I
have a broadband connection), it prevented me from seeing
the TWO messages that I received from eBay -- that informed
me of a submission of a change of address.
>>> top
The
First Clue
The first clue that something
was dramatically wrong were the two eMail messages that
I received from "real" eBay:
Dear [eBay
ID – USING REAL ID],
Thank
you for submitting your change of e-mail address
request. Instructions on completing the change
have been sent to your new email address. Once
the process is completed, your eBay-related email
will no longer be routed to this email address.
Change
of E-mail address request was made from:
IP Address: 200.142.239.xx [LAST TWO
DIGITS REMOVED FROM THIS POSTING]
ISP Host: 200.142.239.xx [LAST TWO
DIGITS REMOVED FROM THIS POSTING]
If
you or anyone with authorized access to your account
did not make this change, please go to http://pages.ebay.com/help/basics/select-RS.html and
submit an email to Customer Support.
Thank
you for using eBay!
http://www.ebay.com |
>>> top
Changing
your eBay eMail Address and What You'll See in Return
When I discovered the above
notification from eBay -- FINALLY! Something
legitimate! -- I immediately logged on to eBay, accessed
my account, and changed my password. A copy of the official
confirmation that I received is below.
Dear [eBay
ID – USING REAL ID],
PLEASE
READ THIS MESSAGE OR YOUR E-MAIL CHANGE WILL NOT
BE ACTIVATED!
YOU
MUST ENTER THE CONFIRMATION CODE CONTAINED IN THIS
MESSAGE IN OUR CONFIRMATION FORM IN ORDER TO ACTIVATE
YOUR CHANGE OF E-MAIL.
Please
access the following form to confirm your change
of e-mail:
[LINK
/ URL WAS PROVIDED -- BUT IS OMITTED HERE]
You can also access this from our Registered User Services
menu.
You
will be asked for the following information, which
you must type EXACTLY as it appears below:
User
Id: [EBAY USERID]
New E-mail address: [ACTUAL eMAIL ADDRESS]
Confirmation code: [OMITTED FROM POSTING]
Change
of E-mail address request was made from:
IP Address: [ACTUAL IP OMITTED]
ISP Host: [ACTUAL IP PREFIX OMITTED].comcast.net
A
notification of this change was sent to your previous
e-mail address for your safety.
Thank
you for using eBay!
http://www.ebay.com |
So see, WHEN SUBMITTING
AN EMAIL CHANGE REQUEST TO eBAY, NOTIFICATIONS ARE SENT
FROM eBAY. However, here's a note worthy of CAREFUL
study:
- They send one -- an "alert" message
-- to the "OLD" eMail address
informing that someone at IP Address XXXX has changed
your eMail (saying "Thank
you for submitting your change of e-mail address request.
Instructions on completing the change have been sent
to your new email address. Once the process is completed,
your eBay-related email will no longer be routed to this
email address."); and
- Another eMail is sent
directly to the "NEW" eMail
address that was submitted; WITH THOSE VERY IMPORTANT "SPECIFIC
INSTRUCTIONS."
In other words, I could
be out shopping, not at home, not at my computer, doing
nothing
with my eBay account, and someone who happens to break
into my account can submit a change, access the confirmation
instructions, confirm/complete the change ... access my
account and personal information and history ... and I
would be none the wiser.
Additionally --
if *I* had not succeeded in confirming the eMail address
change prior to the THIEF confirming the FRAUDULENT change,
I would have been unable to access my own account.
But,
you know, they DID care enough to actually DELETE my
entire "ABOUT ME" page. What IDIOTS.
Fortunately, I maintain quadruple backups of my files.
By MY assessment, this
should encourage eBay to implement some type of
verification for account changes. Something should be done
to more thoroughly
protect the legitimate user. Receiving the instructional
eMail at the "NEW" eMail doesn’t
help much ... if you really aren’t the one initiating
the change. And I seriously doubt that everyone remains
logged on to their computers 24 hours a day to receive
the "alert" messages.
>>> top
Checking
Everything Else
Then I proceeded to check
my eBay account activity – including online activities
with eBay connected credit cards, invoice activity, eBay
fees, etc. Nothing. Then I logged on to my credit card's
online secure site, to verify that it had not been compromised;
logged on to my other online payment accounts, verified
them, as well.
Strong
moral here: amazingly enough, I had
set up every account with different logons and passwords.
I feel VERY fortunate -- using non-identical logins
and passwords must have really frustrated
the thief, eh?
I then changed my “password
hint” on eBay, receiving this eMail confirmation:
You
have successfully changed your secret question and/or
answer.
This
is a courtesy notice. No response is needed.
If
you or anyone with authorized access to your account
did not make this change, please send an email
to password@ebay.com.
The
Change Password Hint request was made from:
IP Address: [ACTUAL IP OMITTED]
ISP Host: [ACTUAL IP PREFIX OMITTED].comcast.net
Thank
you for using eBay!
http://www.ebay.com |
>>> top
Tracking
and Tracing
Spending time on the most
immediate problem -- having my eMail box inundated with
3,000+ SPAM eMails -- succeeded in distracting me from
the offense that was later proven to be the biggest issue:
the eBay issue. After thinking that I'd accomplished all
I needed by changing my eBay eMail address, password, my
password hint, verifying the security of my credit cards
and other online payment accounts ... I proceeded to hunt
down the offending eMail SPAMMER.
I had the IP address that
had initiated the fraudulent eMail change request (200.142.239.xx).
I had the IP addresses and eMail address (buried in) the
Internet Headers of the FIRST eMail
(the one where I clicked on the link and provided my personal
login and password.)
So, I ran traces on them.
All of them. I'm in the Eastern part of the US. Found one
in Brazil. Sao Paolo. One in New Jersey. Closer. One in
Baltimore. Closer.
These traces provided me
with names, phone numbers, eMail addresses and street addresses –- a m o n g o t h e r t h i n g s .
Brazil. Just South and
East of Sao Paolo. This tracing program I use is a really
cool program –- it helps you to track down whoever
is bugging you. And this idiot was DEFINITELY bugging me
by
sending
3,000+
eMail messages.
I then spent an incredible
amount of time online with my ISP so that I could alert
THEM that their servers were being bombed and sucking up
a huge amount of bandwidth. They were able to look at the
Internet Headers (as I was) and determined that I had indeed
already pulled all of the pertinent information from the
files. They directed me to send “abuse” notifications to
the Brazilian NIC organization, the one that oversees all
Network Protocols in Brazil (and I also included as cc’s,
two individuals from the company that had routed the Spam
(200.142.239.xx).
Regarding
Thousands of Spam eMail Messages Sent from 200.142.239.xx
to My eMail Account
Date:
January 27, 2003
Location:
United States
Problem:
o
I have received over 3,000 messages from a sender
at ISP 200.142.239.xx in
less than two hours. All messages have the same
subject line and message text. The sender's email
address changes, but all are numeric-based.
o
Additionally, someone from IP address 200.142.239.xx tried
to change my eBay account eMail address.
I
have contacted the Technical Support Group of my
ISP (Comcast) about this problem. As a first step,
I am sending this email requesting your assistance.
Fortunately – I
was only ½ hour behind the beginning of
this attack, and was able to minimize the impact.
However, I am beyond frustrated at having my account(s)
hijacked and/or compromised and bombed with THOUSANDS
of eMails.
We
would really appreciate your cooperation and assistance.
If you are unable to take care of this issue, I
believe that Comcast intends to put a “block” on
this IP address (200.142.239.xx).
This will result in a complete black list of any
emails originating from this IP address – for
ALL Comcast users.
Comcast
intends to follow up with me in two days to find
out if I have received any resolution eMail back
from you.
I
am including in this eMail – both as COPIED
TEXT AND PDF FILE ATTACHMENTS:
o
ONE (1) copy of the ONE of the THOUSANDS of SPAM
eMails that I have received; and
o
The results of a TRACE that I personally ran on
the IP address that attempted to access and change
my eBay account.
I
look forward to your timely attention to this situation.
-- [My
Name Here!] |
Clicking
on the links below will allow you to view PDF versions
of one of the 3,000+ SPAM eMail messages (including
Internet Header information and the [modified] results
of the trace. Any changes or modification were simply
to remove some identifying information.
(To
download Adobe Acrobat Reader -- free -- click
here  .) |
My ISP, Comcast, was extraordinarily
helpful -- and very concerned. They are following up with
me in a few days to find out if I had any success in resolving
the issue directly with the IP holder.
I have since received this
response from the IP holder:
Hi,
Our
customer that uses the IP 200.142.239.xx is
with a bad configuration in his socks/proxy server,
that someone is using to send the e-mails to your
account and trying to access your account.
We
asked our customer to fix his proxy configuration
so no one from outside of his network can access
it. We believe this will be solved soon. If the
proxy from our customer generate any logging that
can help us identify the real IP of the origin
of the access I'll send you.
Regards,
[NAME OMITTED]
[eMail OMITTED]
[COMPANY OMITTED]
[PHONE OMITTED] |
I have not heard back from
them again, yet neither have I received anymore SPAM
relay messages.
>>> top
The
One That Slipped Through
When I participate in any
auction on eBay, I utilize a program called "Sold!"  created
and distributed by Timbercreek Software. Fabulous auction
management software.
So, I had this software
running in the background of my system. Eventually -- very
late in the night on January 27, 2003 -- I clicked
on the icon in my task manager. It prompted me with something
I'd never seen before. It wanted me to validate and key
in a number shown on a GIF image before it would update
the auctions I had in the program.
After keying in the number
represented by the GIF, I watched the program. It scans
my auctions -- both ones that I am watching for purposes
of bidding, and then it scans my eBay ID's to see if I've
posted any auctions. If I have, it adds them to the program
so I can watch how the bidding progresses during the course
of the auction.
Imagine my surprise (okay
... unbridled, uncontrolled, flaming fury and annoyance
at this point) to find that I have posted the following:
Mamiya
RZ67 camera with waist level finder and 120 and 220
backs with dark slides, all in mint condition. Mamiya
RB67 camera with waist level finder and 120 back
with dark slide, all in excellent mechanical condition.
The RB67 camera has leather peeling on the waist
level finder and one side, but this is strictly cosmetic
and does not affect its excellent picture quality.
The RB 120 back includes a Mamiya “G” adapter
for use on the RZ camera. Mamiya RB67 magnified chimney
finder with working meter. This also fits the RZ
camera. All lenses are RB lenses so that they may
be used on either camera. Mamiya recommended adapter
rings are included to give the RB lenses a “snug” fit
on the RZ camera. All lenses have clean, clear glass
with no scratches and are in excellent working condition.
Included lenses are: Mamiya-Sekor C 50mm f/4.5; Mamiya-Sekor
C 180mm f/4.5; Mamiya-Sekor (non-C) 90mm f/3.8; Rokunar
2X Auto Teleconverter. Misc items included: lens
shade, rubber eye piece for chimney finder, two 77mm
skylight filters, one 77mm graduated ND filter, plastic
insert to cover electrical contacts on RZ camera
when using RB chimney finder, front and rear lens
caps, front and rear RZ camera body caps, aluminum
case with padded interior, and 120 and 220 film-not
expired. Finally, included is a Manfrotto/Bogen Model
3401 heavy duty tripod with Manfrotto model 3047
heavy duty quick release three-way pan/tilt head
with extra quick release plate. This is a fabulous
kit ready for use. I am selling only because I am
coverting to digital.
Full
prepayment is required within 3 business days. Payment
can be made via bank wire to my account. I can not
accept credit cards. This is a large and heavy shipment-thus
the high shipping expense. I will ship via Fedex
service anywhere in the Europe for 120 Euros. You
will get the kit in 2-3 days directly to your door.
Thank you for bidding. |
Oh yeah, right.
Right. Uh huh and You Betcha. Only a bank wire
transfer to "my" account. Euros as
payment. Oh, I think that I might have forgotten to mention
that -- according to the auction posting -- "I" had
apparently relocated, and apparently now lived in Riga,
Latvia. And "I" am such a good person, "I" am
selling this with a Buy-It-Now option of $2,700 Euros,
even tho' I live in the US. Oh forgot. Since "I" now
live in Latvia, maybe "I" can accept and use
Euros. Then again, maybe not. 
Editor's
Note:
- "I" (with
quotation marks) indicates the idiot who stole
my ID.
- I, I,
or I (bold,
red, or just-plain-I) indicates ME.
As in, THE REAL ME.
I have been selling things
on eBay for a very long time. My reputation has always
been a point of pride. I treat my customers well, I am
always willing to accommodate specific needs and requests.
Suddenly, due to this fraud, "I" had
into someone who has a narrow list
of requirements
that the bidder must fit into before they can bid. "I" am
now disagreeable, untrusting and untrustworthy person.
Now, "I" require payment within three business
days AND will not accept credit cards, but hey the "lucky" winner
of the auction gets to submit payment via a really (NOT!)
inexpensive bank wire transfer! Fortunately, when I found
the auction, no one had yet bid -- despite the
phenomenal bargain. Oh, wait. I forgot. "I" -- no
wait NOW that's a REAL I,
not an "I" with quotes! -- I have "no-negatives-PERFECT" feedback.
Of course the poor bidder would trust "me."
Can you tell
I'm getting angrier here???
>>> top
Teil
zwei -- oder, wie die nie Endgeschichte fortfuhr
(Translation:
Part Two -- or How the Never Ending Story Continues)
So, you are no doubt wondering
how and why I switched to German. Hopefully, it's not been
entirely boring so far, but HERE'S where it gets REALLY
interesting.
No one had bid on the ONE
posted auction before I found it. I'm thinking that the S-I-M-P-L-E thing
(hadn't I learned by now?) would be to a) log
on to eBay, b) cancel the auction. So,
I skip on over to eBay, and log in. I bring up the auction,
try to cancel it.
|
Screenshot
of eBay Germany's Home Page
No, I'm Not Kidding. Read On ... |
|
|
It tells me that I had
to go to the site where "I" (we're back
to that!) originally entered the auction to be
able to modify or cancel the posting. Huh? WHAT? I follow
the link, and I end up at ... eBay
Germany!!! OH GRAND!
So now, I get to have MORE
fun. See, I hadn't gone through enough, so I guess it was
okay.
Naw, truly the thrill of
the hunt had my adrenaline going by now.
Seeking as the auction
text was actually in ENGLISH, I have no doubt that this
person did this to throw roadblocks in my way. Sorry, buddy,
you messed with the wrong person on this one.
It took me about TEN
minutes to navigate through the site, translate
what I needed, and take it down, cancel the auction,
erase the fraud ... and deny this idiot, jerk thief the
chance of ripping anyone off while using my name. Oh,
I'm sorry -- "It took me about TEN
minutes to 'steuern
Sie durch den Aufstellungsort, übersetzen Sie, was
ich benötigte, und nehmen Sie es herunter, annullieren
Sie die Auktion, löschen Sie den Betrug... und verweigern
Sie diesen Idioten, Ruckdieb die Wahrscheinlichkeit von
jedermann weg zerreißen beim Verwenden meines Namens.' "
|
Clicking
on this link will cause you to leave
this site and take you to Altavista's web site |
|
|
Pretty cool, eh?
Want to know how this was
done? How DID I translate this so quickly and navigate
my way through a site when I no previous lessons in the
German language?
Altavista
Babel Fish Translation Service  Yup.
As in Altavista --
the search engine. This very specialized site -- available
free of charge -- allows you translate words, sentences
... or entire web pages.
As a matter of fact, you
can even add
Babel Fish to your own web site. Altavista makes the
code available to anyone.
Well, I got MY immediate
problem solved. But I realize that the really frustrating
part about this step of my process is that not everyone
would have known to -- or thought of -- accessing a site
like Altavista's Babel Fish in order to put an end to a
nightmare. Sure, I could have sent an eMail to
eBay ... but how quickly would they have gotten the eMail,
how soon would they have shut down the fraudulent auction,
how quickly could they have responded if I found myself
dealing with an irate winning bidder who had just lost
their $2,000+ dollars on an illegal -- most likely
unfilled -- auction? This was a "3-day auction." Time
was not a luxury I could fall back on.
>>> top
How
International Can This GET?
So we're really becoming
world travelers now, aren't we? Let's see ... I've got
Brazil, Germany, a few Caribbean Islands ... and Latvia.
And New Jersey and Maryland, but, hey, they're not "International" to
me. 
What else can happen? Anyone
want to offer any guesses? Time's up. Sorry ... I'm tired
and I'm punchy.
To add more fun to my life,
at 3:31am, I receive an eMail from "eBay United
Kingdom Customer Support." To quote a line from
one of my favorite movies, "Oh, this just keeps
getting better."
I'm including the Internet
Headers here (personal info again omitted). Yup.
HEADER |
Return-path: <uksafeharbour@ebay.com>
Received: from bright15. (bright15-qfe0.icomcast.net [172.20.4.104])
by msgstore03.icomcast.net
(iPlanet Messaging Server 5.2 HotFix 1.09 (built Jan 7 2003))
with ESMTP id <0H9F00G4W0ZYQO@msgstore03.icomcast.net> for
[MY EMAIL]@ims-ms-daemon; Tue,
28 Jan 2003 03:31:11 -0500 (EST)
Received: from mtain04 (bright-LB.icomcast.net [172.20.3.155])
by bright15. (8.11.6/8.11.6) with ESMTP id h0S8V9b21660 for
<@msgstore03.icomcast.net:[MY EMAIL]@comcast.net>;
Tue,
28 Jan 2003 03:31:09 -0500 (EST)
Received: from mx20.smf.ebay.com (mxsmfpool10.ebay.com [66.135.209.207])
by mtain04.icomcast.net
(iPlanet Messaging Server 5.2 HotFix 1.09 (built Jan 7 2003))
with ESMTP id <0H9F00D1G0ZN5F@mtain04.icomcast.net> for [MY
EMAIL]@comcast.net
(ORCPT [MY EMAIL]@comcast.net);
Tue, 28 Jan 2003 03:30:59 -0500 (EST)
Received: from miami.smf.ebay.com (miami.smf.ebay.com [66.135.215.166])
by mx20.smf.ebay.com (8.12.3/8.12.3) with ESMTP id h0S8Uw6T010124
for
<[MY EMAIL]@comcast.net>; Tue, 28 Jan 2003
00:30:58 -0800
Received: from rhv-kas-01.corp.ebay.com
(rhv-kas-01.corp.ebay.com [64.68.79.237])
by miami.smf.ebay.com (8.11.6+Sun/8.11.6) with SMTP id h0S8UwZ24756
for
<[MY EMAIL]@comcast.net>; Tue, 28 Jan 2003
00:30:58 -0800 (PST)
Date: Tue, 28 Jan 2003 00:30:57 -0800
From: eBay United Kingdom Customer Support <uksafeharbour@ebay.com>
Subject: eBay - Regarding your account (KMM66923165V42605L0KM)
To: [MY EMAIL]@comcast.net
Reply-to: eBay United Kingdom Customer Support <uksafeharbour@ebay.com>
Message-id: <200301280830.h0S8UwZ24756@miami.smf.ebay.com>
MIME-version: 1.0
X-Mailer: Kana 6.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: quoted-printable
Original-recipient: rfc822;[MY EMAIL]@comcast.net |
| BODY |
Hello,
You
may not have been aware, but your account had been
temporarily compromised and used to list a few
unauthorised auctions. You will not be held responsible
for these auctions.
Additionally,
the email address on your account was changed,
which is why you did not receive an email pertaining
to these listed auctions.
Please
complete the following instructions to regain control
of your account:
First,
please change the password on your EMAIL account
to verify that it is secure and cannot be accessed
by anyone other than you.
Once
you've changed your email and eBay passwords, please
also change your password hint question here:
http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?ChangePasswordHint
Finally,
please verify that the contact information we have
on file for you is correct. If necessary, your
contact information may be updated using the following
URL:
http://pages.ebay.com/services/myebay/change-registration.html
All
fees associated with these auctions will be credited
to your account and should appear within 7 days.
Concerning your credit card information, we assure
you that this information is stored on a secure
server and cannot be viewed by anyone.
Please
keep in mind you may have some winning bidders
contact you. Please briefly explain to them what
occurred, and have them email us using the web
form found here:
http://pages.ebay.com/help/basics/select-RS.html
We
assure you that any negative feedback linked with
these specific auctions will be removed upon your
request.
Let
me also suggest a few ways this take-over could
have occurred:
First,
there have recently been a number of emails sent
to eBay members asking for User IDs and passwords.
These unsolicited and spoofed messages appear to
come from eBay Support, but in fact are not. eBay
would never ask for sensitive information of this
nature via email.
Second,
if you use a fairly simple or easy-to-guess password,
it's possible someone could have guessed it after
repeated attempts. For this reason, it's important
to use a password that uses a combination of letters
and numbers making it very difficult to guess.
The same applies for the password hint question.
It's also important to use different passwords
for the various online accounts you use (email,
Billpoint, PayPal, etc).
Last,
there are a number of computer viruses in circulation
that log and record keystrokes. It's recommended
that computer users keep their virus alert software
up-to-date, and check their system often for problems.
A firewall for high-speed internet users is also
highly recommended.
Thank
you for your patience and understanding regarding
this matter.
Regards,
Jan
Richter
eBay Customer Support
______________________________
eBay
Your Personal Trading Community (tm)
*******************************************
Try the new and improved Sell Your Item 2.0 and see how much
easier it is to sell!
You
can find the New Sell Your Item form at:
http://cgi5.ebay.com/aw-cgi/ebayISAPI.dll?SellYourItemSignIn
_____________________________________________
Important:
eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account
numbers, Social Security numbers, etc.) in an email.
Learn more account protection tips at:
http://www.pages.ebay.com/help/account_protection.html
_____________________________________________
For
our latest announcements, please check:
http://www2.ebay.com/aw/announce.shtml
_____________________________________________
In
order to better serve you, we'd like to occasionally
request feedback on our service. If you would rather
not participate, please click on the link below
and send us an email with the word ""REMOVE"" in
the subject line. If that does not work, please
send an email to the email address below. Your
request will be processed within 5 days.
mail
to: cssremove@ebay.com
*********************************** |
At this point, I gotta
tell you, I'm beyond believing much of ANYTHING. I told
you'd I'd acquired a heavy dose of skepticism.
I check all the message
Internet Headers. Fine. I run traces on the IP's it passed
through. Fine. Whatever. All of the links are legit.
It still prompted one seriously
curious question to pop into my head: if
they thought my eMail address had been changed ...
how in the heck -- or WHY in the world -- did they send
me this eMail message? To the same account that they were
saying had been defrauded.
>>> top
eBay's
Response
Late in the evening, I
did send a report to eBay reporting the original SPAM/SCAM
eMail. To their credit, I also received a response -- approximately
30 hours after the report. Not too bad, really! I'm impressed! 
Regardless, I'm entertaining
the idea of calling them, because this has gotten WAY more
complicated than any eMail can convey.
Hello,
Thank
you for writing regarding the email you received
that appeared to be from eBay.
First
let me begin by telling you that this email was
not sent by eBay nor endorsed by us in anyway.
These emails are the result of a fraudulent entity
who primarily targets members who are using their
email address as their eBay User ID. Please let
me assure you that eBay will NEVER ask for your
private information, including passwords, in an
email format. If we ever request information from
you, we will always direct you back to the eBay
site to enter this information. With very few exceptions,
you can submit this through your "My eBay" pages.
If
you have entered information on any website other
than eBay, you should immediately take steps to
protect your personal information. First, you should
start by changing your eBay password and the password
hint if you have one set up. If you find your eBay
account password has been changed, you should contact
us immediately by replying to this email.
Next,
we recommend that you contact the applicable financial
companies and even your local authorities with
these details. You may also write back for a detailed
list of agencies to help get you started in recovering
your information. If you have set up a selling
account on eBay, please be assured, if another
person was to gain access to your eBay password,
your credit card and bank information will remain
safe on our site. Sensitive billing information
cannot be accessed using your User ID and password.
Information previously supplied may be updated
but cannot be retrieved or viewed by the user.
Although
we are unable to provide follow up information
regarding the result of our investigation, we do
take these offenses very seriously and will make
sure that appropriate action is taken against those
responsible. Let me assure you that these emails
and associated websites are reported quickly and
in turn sent to our Fraud Legal Team for an aggressive
investigation. Often times we are able to contact
the web site hosts and have the sites shut down
before most members have a chance to even try to
go there. This is not always the case, but we do
work actively and aggressively to pursue these
fraudulent entities. Please keep in mind that eBay
is a public company and not associated with any
legislative or police entities. We rely on the
same agencies you do to pursue these fraudulent
entities.
As
mentioned above, currently we believe that these
emails are being sent to members that are using
or have used their email address as their eBay
User ID. (This is how your email address was found).
If your user ID is currently your email address
you may change it by following the instructions
below:
*
Click on the site map link located at the top of
any eBay page
* Under the 'Services' section heading, click on 'Change
my User ID' and follow the instructions on that page
(Just
so you know, if you change your user ID, your feedback
profile will not change. It will follow you seamlessly
to your new ID. However, you will have a set of "shades" next
to your new ID to alert members to the change.
)
If
you have ever used your email address as your eBay
User ID and you have received spam, then there
is a good chance your email address has already
been harvested. Simply by changing your User ID
will not remove your email address from spam circulations.
If this is the case, you may need to obtain a new
email address altogether.
Even
if you did not enter any information, you may want
to check out some of these helpful fraud prevention
and anti-Spam sites below:
http://spam.abuse.net
http://spamcop.net/
http://mail-abuse.org/
http://www.usdoj.gov/criminal/fraud/idtheft.html
If
you should receive another email like this in future,
please re-submit your concern through our web form
using the link below:
http://pages.ebay.com/help/basics/select-RS.html
Again,
thank you for your efforts to help keep eBay a
safe place to trade. Please let me know if you
will require additional information or assistance.
Regards,
Brianna
eBay SafeHarbor
Investigations Team
______________________________
eBay
Your Personal Trading Community (tm)
*******************************************
Important:
eBay will not ask you for sensitive personal information
(such as your password, credit card and bank account
numbers, Social Security numbers, etc.) in an email.
Learn more account protection tips at:
http://www.pages.ebay.com/help/account_protection.html
_____________________________________________
For
our latest announcements, please check:
http://www2.ebay.com/aw/announce.shtml
_____________________________________________
In
order to better serve you, we'd like to occasionally
request feedback on our service. If you would rather
not participate, please click on the link below
and send us an email with the word "REMOVE" in
the subject line. If that does not work, please
send an email to the email address below. Your
request will be processed within 5 days.
mailto:cssremove@ebay.com |
>>> top
Morals,
Lessons and Take-Aways
Some of the most important
things that I want to emphasize are:
- When clicking
on a provided URL/link – everything
PRIOR to an “@” symbol is ignored. For
example, in MY case, using the http://cgi3.ebay.com@64.176.128.170/eBayISAPI.dll?&... the http://cgi3.ebay.com@ was
ignored, and I was redirected to a authentic looking
fraudulent site that was actually identified by everything
AFTER the @ symbol.
- All eBay genuine
links will begin with http://cgi.ebay.com/ in
the browser location bar. For more info on the URL's
used on eBay web pages (International sites may differ),
please visit the eBay Account
Security Page.
- Passwords.
Passwords. Passwords. Make sure that all of
your logins and passwords at any online organization – Yahoo!,
Microsoft, Amazon, PayPal, American Express, VISA/MC,
eMail Accounts, and any-and-every-thing else – are DIFFERENT!
While it’s obviously easier to have everything
be the same … it makes it easier for the THIEF,
as well. Don't enable them.
- Only change
or confirm your personal eBay information by
directly logging on to www.ebay.com and
accessing the account info through that route.
- Check your
eMail accounts as often as possible and be
diligent about following up on suspicious activity
or notes. Suspicious eMails should be forwarded to spam@ebay.com.
Be sure to include the “Internet
Header” info.
- For more information on
how to protect your eBay password and your account, click
here.
I feel beyond grateful
that I wasn't hit harder with this scam and I think (hope!)
that I've managed to get my hands around this. It has taken
almost two solid days to do so ... but it could have been
so much worse. Fortunately it has not yet cost me either
financially or by "identity theft” –-
which by all assessments appears to have been the defrauding
motive.
I truly hope that this
has helped or provides some insight to something someone
else might be going through.
>>> top
|
12k)