Jump to content
Guidelines - Read before posting!

Letter From Ebay....

PaRtZ

By PaRtZ
in Chit Chat

 Share

Recommended Posts

PaRtZ Thats Enough Now Tart

PaRtZ

Posted
Posted (edited)

First off, I've not used ebay for about 3 years now. Then suddenly in my inbox appears this rather formal and real looking email:

Dear mattu4@hotmail.com:

Valued eBay Member,

We are contacting you to remind you that on 08 JUN 2006 we identified some unusual activity in your account coming from a foreign IP address :capitol.guatemala-203-pc.in ( IP address located in India ) . We have been notified that a card associated with your account has been reported as lost or stolen and involved in fraudulent transactions, or that there were additional problems with your card.

According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be marked as fraudulent , and will remain open for investigation. You will pay for the fees wich will result from the financial transactions between eBay and FIT ( Fraud Investigations Team ) .

https://signin.ebay.com/ws/eBayISAPI.dll?Si...f=&UsingSSL=yes

[attachmentid=5208]

Now first off the link takes me to : http://signin.ebay.com.user-id4606.com/ws/eBayISAPI etc etc Which for a start makes me wonder what the hell the user-id4606 is all about

Second point of suspiscion is that after i entered my details (a one off password which isn't used for many other important things) i get take to a screen asking for my bank details, INCLUDING MY PIN NUMBER!!

Now i thought maybe...just maybe its all true. So itested it again (didn't put anything in ofcourse) but i went back and put in partz and bashed the keyboard as the password

it went through.....

[attachmentid=5209]

And then the peirce de resistance of checks:

[attachmentid=5210]

Just a warning for everyone, Don't open Emails from ebay until VERY Carefully examining every part of it. It fooled me up until the point of asking for my PIN number....

EDIT: Just went on to ebay as normal and signed in (took me ages to guess my username) and everything was normal (Y)

Edited by PaRtZ
Link to comment
Share on other sites
adamtrials Too Much Spare Time

adamtrials

Posted
Posted

yeah thats pretty obious, the thing to look out for is anything with some guff in the url that dosent look normal, as long as the url has ebay next to the .com you should be ok, the domain for this one is

user-id4606.com not ebay .com...

Theres a page on ebay about detecting spoofs, read it and you should be ok

Link to comment
Share on other sites
nickyw Trials Master

nickyw

Posted
Posted

not totatlly _pwned....

Ahh I actually got someone trying to actually acsess my pc while back when I was on it.

caught them opening start at the left bottom part of our screeen's on xp.

Tis' bad though getting scammed. :closedeyes:

Link to comment
Share on other sites
sfboy Trials King

sfboy

Posted
Posted

Firstly ebay would never do anything like this, secondly ebay emails always contain your name (although this could be scooped) and thirdly the last part of the bit before the dot co dot uk is ebay, not user-blah blah. But I', not surprised that so many people fall for these scams, scammers are rubbish, they should be shot (a little).

Link to comment
Share on other sites
PaRtZ Thats Enough Now Tart

PaRtZ

Posted
  • Author
Posted (edited)

I'm confused.. I clicked the link you posted and I tried fake login details but it knew they were incorrect??

Surely if this was a scam it wouldn't know??

Confused!!

Yes sorry about this its easier to explain with some examples:

http://www.altavista.com

http://www.planetporn.co.uk

etc. Bascially it looked like it was going to take me to normal ebay, but instead it took me elsewhere. That link was copied + pasted from the e-mail, I didn't actually hyperlink to the destination as in the email

Now you're confused......try the examples again ;)

Edited by PaRtZ
Link to comment
Share on other sites
Smoâ„¢ Too Much Spare Time

Smoâ„¢

Posted
Posted
Domain Name: USER-ID4606.COM

Domain Status: ACTIVE

Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com

Referral URL: http://www.RGNames.com

Domain Registration Date....: 2006-06-09 GMT.

Domain Expiration Date......: 2007-06-09 GMT.

Domain Last Updated Date....: 2006-06-09 08:10:24 GMT.

Registrant:

Ek Panatkool

9321 244th ST SW apt R#204,

, 98020

US

Administrative, Technical, Billing Contact:

Ek Panatkool Email address protected from spam harvesters

9321 244th ST SW apt R#204,

, 98020

US

(PHONE) +206-240-47-68 (FAX) +--

Domain Name Servers in listed order:

NS1.NS-SN.COM 64.18.153.107

NS2.NS-SN.COM 216.66.21.130

Link to comment
Share on other sites
Tony Harrison Too Much Spare Time

Tony Harrison

Posted
Posted

I always wondered who was stupid enough (no offence!!) to follow one of these links and put information in. They're giving you the rope... don't use it! Although thankfully you were alert enough to not put your bank details in - enough people do though...

As someone said, if the link doesn't end in '.ebay.com' then it's fake. Anything between 'ebay' and '.com' and it's bad news.

Also watch out - in HTML you can write links that go somewhere else, like this one (click it):

http://www.ebay.com

Furthermore, if you get info asking you to complete user details, etc, there's an easy way round it - go to the genuine eBay site and log-in - if you're asked to do something, there'll be a message for you. Same thing goes for bank sites, etc. It's too easy to follow a link and get sucked in. Don't enter a single thing, don't email back telling them to sod off - just bin the email and forget it.

Check this site out. It could save you lots of hassle.

Link to comment
Share on other sites
Greetings Post Whore

Greetings

Posted
Posted

My god, make fun of them. Enter false data etc, take the piss out of them. I was asked for an accurate scan of my ID from the largest auction websites in Poland. This was a scam. I sent them the scan, but photoshopped it, added a photo of a dog instead of me, changed my birthday date to 2010 etc. No reaction to that, although they threatened that if I didn't send it, they'd block my accout. Idiots :P

But yeah, it probably works - I'm certain that among all the e-mails they've sent out trying to acquire peoples pin number, card number etc. there will be a few idiots who treat them seriously and fill the form in. Thank god trials riders are very intelligent people with big heavy brains.

Link to comment
Share on other sites
poopipe Too Much Spare Time

poopipe

Posted
Posted

to put the shits up you further ... it used to be possible to rewrite the url that appears in the address bar of your browser so it's lying (ISAPI rewrite I think the module is called )- I imagine someone like danny would be able to tell us whether its still doable or not.

ignore email from the following...

ebay

paypal

your bank

nigerians

Link to comment
Share on other sites
MasterOfGussets Trials Monkey

MasterOfGussets

Posted
Posted

to put the shits up you further ... it used to be possible to rewrite the url that appears in the address bar of your browser so it's lying (ISAPI rewrite I think the module is called )- I imagine someone like danny would be able to tell us whether its still doable or not.

ignore email from the following...

ebay

paypal

your bank

nigerians

You can do it with Javascript.

It's just some crappy 'phishing' email.

Seeing that they mentioned an Indian IP I would guess it's a thing from some little group of Indian teenage hacker-wannabes (Lots of them in India - Brazil is big for it too). I would guess they're little kids that haven't learnt to break into computers yet so are sending anonymous emails trying to catch card details.

Just keep submitting false data and totally clog up their database.

Link to comment
Share on other sites
Alexx Trials Elite

Alexx

Posted
Posted

to put the shits up you further ... it used to be possible to rewrite the url that appears in the address bar of your browser so it's lying (ISAPI rewrite I think the module is called )- I imagine someone like danny would be able to tell us whether its still doable or not.

You've never been able to change the address in the address bar to something you don't own. You can use frames to make one site look like another site, but the target site must be the one with the frame, so you still have to own the URL in the address bar - making it no use for scammers.

You can change what it says in the status bar, bottom right, when you hover over a link - to say a different url to the one it's actually going to take you to.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...