Hosting Provided By

RE: Fraudulent use of ebay's name

From: Jonathan A. Zdziarski <jonathan(at)networkdweebs.com>
Date: Wed Nov 20 2002 - 01:01:23 EST

I believe someone had also registered paypai.com and was sending "You've got Cash!" emails to everyone at one point. It'd be nice if companies like paypal that touched you that intimately would PGP sign their more important [non-spam] emails.

-----Original Message-----

From: Rob Shein [mailto:shoten@starpower.net] Sent: Tuesday, November 19, 2002 3:35 PM To: 'Ragnar Paulson'; incidents@securityfocus.com Subject: RE: Fraudulent use of ebay's name

I've gotten something similar to this, from paypal, about a month ago. The text was different, but the underlying statements (corruption of account info, log on here to fix it...) were the same. It had graphics from paypal's site, but the links that were of any real consequence went to a paypal-esque domain that was not theirs (and was actually offline by the time I read the email that morning).

-----Original Message-----

From: Ragnar Paulson [mailto:ragnar@wanware.com] Sent: Monday, November 18, 2002 12:52 PM To: incidents@securityfocus.com
Subject: Fraudulent use of ebay's name

I received the email following this (headers included) on Saturday. It's pretty clear to me that EBAY didn't send this and I've informed them. However perhaps the text outside the obvious formail header is a pretty good attempt to deceive, pehaps there should be more a more widespread warning.

Regards,

Ragnar Paulson                   ragnar@wanware.com

The Software Group Limited
705 725 9999 x21

Return-Path: <anonymous@dprhplesk09.doteasy.com> Received: from dprhplesk09.doteasy.com ([209.153.218.1]) by ns2.wanware.com (8.11.6/8.11.6) with SMTP id gAGB3ox12164 for <ragnar@software.group.com>; Sat, 16 Nov 2002 06:03:51 -0500 Received: (qmail 21425 invoked by uid 10044); 16 Nov 2002 04:26:11 -0000 Date: 16 Nov 2002 04:26:11 -0000
Message-ID: <20021116042611.21415.qmail@dprhplesk09.doteasy.com> To: deayuu@yahoo.com, fbauter@yahoo.com, ishoj@hotmail.com,

ragnar@software.group.com, ragnar@valley-internet.net, amem@latinmail.com,

Do you need help?

slg@worldnet.fr, kristi_allison@hotmail.com, slg_2001@hotmail.com From: ehtelx@ezysurf.com (ehtelx@ezysurf.com) Subject: eBay Verification Process

X-RAVMilter-Version: 8.4.1(snapshot 20020919) (ns2.wanware.com)
X-spam: OK
X-spamscore: 2.9

Contenuto del messaggio inviatoti tramite il tuo FormMail. E' stato inviato da ehtelx@ezysurf.com (ehtelx@ezysurf.com) il Venerdì, 15 Novembre 2002 alle 20:26:11

---

edy:

Dear eBay User,

It has become very noticeable that another party has been corrupting your eBay account and has violated our User Agreement policy listed: 4. Bidding and Buying.

You are obligated to complete the transaction with the seller if you purchase an item through one of our fixed price formats or are the highest bidder as described below. If you are the highest bidder at the end of an auction (meeting the applicable minimum bid or reserve requirements) and your bid is accepted by the seller, you are obligated to complete the transaction with the seller, or the transaction is prohibited by law or by this Agreement. You received this notice from eBay because it has come to our attention that your current account has caused interruptions with other eBay members and eBay requires immediate verification for your account. Please verify your account or the account may become disabled.

Click Here To Verify Your Account - <A
HREF="http://paypal4.netfirms.com/">eBay Verification Process</A>

Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.

ajtn

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Do you need more help?

DSPAM Exception: securityfocus
DSPAM Matched 'Click Here To' (/usr/local/dspam/lists/dmatch.txt/152)

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Fri Nov 22 05:35:14 2002

This message: [ Message body ]
Next message: Mike Cain: "RE: Proxy server hit... Any ideas?"
Previous message: Steve Cody: "RE: Fraudulent use of ebay's name"
In reply to: Rob Shein: "RE: Fraudulent use of ebay's name"
Next in thread: carl(at)polymedia.co.uk: "Re: Fraudulent use of ebay's name"
Reply: paul(at)doevil.com: "RE: SMTP Scans"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:51 EDT