I got this in my Junk mail today:

To: "eBay Customer" <>
From: "eBay"
Subject: A21 FPA NOTICE: possibble account access by a third party
Date Sent: Fri, 19 Mar 2004 07:51:43 -0800
Date Recd: Fri, 19 Mar 2004 10:57:21 -0600

Dear eBay member


We recently noticed one or more attempts to log in to your eBay account from a
foreign IP address and we have reasons to believe that your account was hijacked
by a third party without your authorization.

If you recently accessed your account while traveling, the unusual log in attempts
may have been initiated by you.
However, if you are the rightful holder of the account, click on the link below,
fill the form and then submit as we try to verify your identity.

http://cgi3.ebay.com//aw-cgi/eBayISAPI.dll?VerifyIdentity&ssPageName=eBayISAPIdentityXVERified2.html


The log in attempt was made from:
IP address: 68.97.63.109
ISP host: ip68-97-63-109.ok.ok.cox.net


If you choose to ignore our request, you leave us no choice but to temporally suspend
your account.

We ask that you allow at least 72 hours for the case to be investigated and we
strongly recommend not to make any changes to your account in that time.

If you received this notice and you are not the authorized account
holder, please be aware that it is in violation of eBay policy to represent
oneself as another eBay user. Such action may also be in violation of
local, national, and/or international law. eBay is committed to assist
law enforcement with any inquires related to attempts to misappropriate
personal information with the intent to commit fraud or theft.
Information will be provided at the request of law enforcement agencies to
ensure that perpetrators are prosecuted to the fullest extent of the law.

*Please do not respond to this e-mail as your reply will not be received.

Thanks for your patience as we work together to protect your account.


Regards,

Safeharbor Department
eBay Inc.


I clicked on the link, and immediately noticed that the link did not send me to ebay. In fact, it sent me to a mirror site... one that looked like ebay, but was, in fact, a scam.

Further investigation made me realize that the aw-confirm address was spelled wrong (but it's hard to spot if you're just skimming.) And here's the header information, and the true reason why everyone should be careful when clicking on things:

Received: from www.chinamedexpo.com ([202.99.16.21])
by smtp.sff.net (Greyware Mailman 1.1.b.20040129R)
with ESMTP ID ;
Fri, 19 Mar 2004 10:57:04 -0600
Received: from CYBER11 ([203.228.190.41])
(authenticated bits=0)
by www.chinamedexpo.com (8.12.5/8.12.9) with ESMTP id i2JFlHl9022682
for ; Fri, 19 Mar 2004 23:47:21 +0800
Message-Id: <200403191547.i2JFlHl9022682@www.chinamedexpo.com>
Reply-To: "eBay Security"
From: "eBay"
To: "eBay Customer"
Subject: A21 FPA NOTICE: possibble account access by a third party
Date: Fri, 19 Mar 2004 07:51:43 -0800
Importance: Normal
X-Priority: 3 (Normal)
MIME-Version: 1.0
X-Mailer: Mach5 Mailer-3.00 PID{606b506f-00f0-4275-950d-9279d27ffe34}
RI{e2737-9ecec}
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Exempt-Data: No
X-Exempt-IP: No
X-Envelope-From: aw-conflrm@ebay.com
X-Renamed-Executables: No
X-Disabled-Scripts: No
X-Spam-Identifier: [Disallowed URL]: http://66.206.7.193/scgi-bin/eBayISAPIdentityXVERified1.html


Be careful, everyone. The website asked for my ebay userid, password, and credit card number. I really hate to imagine how many people have been scammed by this particular email.

Comments

Popular Posts