A refresher on eBay’s instructions for spotting a spoofed message…

  1. Contains attachments or scripts that must be opened or activated;
  2. May have a real sender’s email address in the “From” field;
  3. Greeting is often general, like “Hello eBay User”, or your email address;
  4. Claims eBay is updating accounts and your account is in jeopardy, and/or;
  5. Requests stuff like User ID, password or bank account number.

So guess what’s been showing up in inboxes across the globe… again? This just in…

From: aw-confirm@ebay.com
To: enduser@foobar-inc.com,
Dear enduser@foobar-inc.com,

In an effort to protect your eBay account security, we have suspended your account until such time that it can be safely restored to you. We have taken this action because your password may have been compromised. Although we cannot disclose our investigative procedures that led to this conclusion, please know that we took this action in order to maintain the safety of your account. However, your account is marked for too many failure logins since February 05, 2005. It is interesting that the hostnames are from different countries:

United States (c-24-4-60-31.client.comcast.net)
Japan (u183194.ppp.dion.ne.jp)
Australia (gspp-p-144-134-57-104.prem.tmns.net.au)
Canada (kitchener-hse-ppp3569890.sympatico.ca)

Please authorize your registration information on or before February 14, 2005.
Currently registration information will be screened when you login.

Follow the link to make sure you are on our secure page.
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn

Thank you for using eBay!

Copyright 1995-2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.

eBay and the eBay logo are trademarks of eBay Inc.

Now let’s apply eBay’s criteria:

  • Ignore the sender’s email address (it’s probably legit);
  • Note that the greeting is your email address, instead of your name, and;
  • Your account has been suspended because your password has been compromised.

Looks like that message fits eBay’s “spoof” mold, doesn’t it? Don’t change a thing. Forward it to spoof@ebay.com.

To further avoid spam fraud, eBay advises that you never click on a link in a message, because it may contain a hidden redirector. Always open your web browser manually, type in “www.ebay.com”, and log into your account. “If we request information from you, we will always direct you back to the eBay site. With very few exceptions, you can submit the requested information through your ‘My eBay’ page.”

eBay also offers a free toolbar that alerts you if you stumble onto a fake eBay or PayPal site.

Despite all this, eBay continues to send HTML messages containing links.

Digging further, check the hidden message header. (In Outlook, you do this by highlighting the message, then selecting [Tools][Options] from the menu at the top of the screen.)

See the line that says something like “Received: from unknown (HELO PayPal-Server3) (207.44.210.27)”? Copy the IP address to your clipboard, then check the sender’s blacklist and whois records, using our free Online Spam Fighting Tools. Doesn’t look much like eBay, does it?
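The header check described above, as an added example that is not part of the original article: it parses the topmost Received line and compares the connecting relay with the domain in the From field. The sample message is constructed around the Received line quoted above, and `first_hop` and `assess` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. Only the HELO name and IP in the Received line come from
# the article; the "by" host, timestamp and subject are made up.
SAMPLE = """\
Received: from unknown (HELO PayPal-Server3) (207.44.210.27)
  by mx.foobar-inc.com with SMTP; 10 Feb 2005 09:12:44 -0000
From: aw-confirm@ebay.com
To: enduser@foobar-inc.com
Subject: Account suspended

Dear enduser@foobar-inc.com, ...
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [
    # qmail style: from <rdns> (HELO <name>) (<ip>)
    re.compile(r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\(" + IP + r"\)"),
    # Postfix/sendmail style: from <name> (<rdns> [<ip>])
    re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[" + IP + r"\]\)"),
]

def first_hop(msg):
    """Parse the topmost Received header: your own server wrote it, the rest can be forged."""
    for value in msg.get_all("Received", [])[:1]:
        flat = " ".join(value.split())  # unfold continuation lines
        for pattern in PATTERNS:
            m = pattern.search(flat)
            if m:
                return m.groupdict()
    return None

def assess(raw):
    """Return the connecting relay and how it disagrees with the From domain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = first_hop(msg)
    if hop is None:
        return {"from_domain": domain, "ip": None, "flags": ["no parseable Received header"]}
    flags = []
    if hop["rdns"].lower() == "unknown":
        flags.append("connecting IP has no reverse DNS")
    for label in ("helo", "rdns"):
        name = hop[label].lower()
        if name != "unknown" and name != domain and not name.endswith("." + domain):
            flags.append(f"{label} '{hop[label]}' is not a host under {domain}")
    return {"from_domain": domain, "ip": hop["ip"], "flags": flags}
```

A flag here is a signal rather than proof, since legitimate senders often relay through third-party mail services; the extracted IP is what you then look up in blacklist and whois records.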

To protect your less knowledgeable charges, you may want to set your network content filter to disable all embedded links.