Hosting Provided By

RE: EBay Fraud Attempt

From: <george.wasgatt(at)insurity.com>
Date: Tue Dec 10 2002 - 08:40:15 EST

Ebay is aware of this and other fraudulent attempts to harvest user credentials. Here is what they have to say about it in their announcements section:

Date: 12/06/2002
Time: 13:15:46 PST
***Protect Your eBay Password and Your Personal Information***

eBay treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information.

Some members have reported attempts to gain access to their personal information through email solicitations that are falsely made to appear as having come from eBay. These solicitations will often contain links to Web pages that will request that you sign in and submit information. At eBay, we identify these as 'spoofed' emails or Web sites.

We encourage you to be very cautious of emails that ask you to submit personal information such as your credit card number or your eBay password.

To be sure that you are signing into a genuine eBay Web site, look at the Address/Location area of your browser. At an eBay.com sign-in or log-in page, the URL (link) that appears in the Address/Location area of your browser will begin with "http://cgi.ebay.com/" or "http://scgi.ebay.com". Please pay close attention to all characters in the address, including the forward slash (/) that follows "ebay.com". Even if the Address/Location includes the word "ebay", it may not be a genuine eBay Web site. If you receive or suspect you have received such an email, do not respond to it or click the links. Immediately send a copy of it to spam@ebay.com.

If you have any doubt as to whether or not the website you are on is an official eBay web page, please visit our Account Security page for more complete information on the URLs used on eBay web pages.

For more information on how to protect your eBay password and your account, click here.

Do you need help?

Regards,
eBay

-----Original Message-----
From: jlewis@lewis.org [mailto:jlewis@lewis.org] Sent: Sunday, December 08, 2002 11:45 PM To: Logan F.D. Greenlee
Cc: incidents@securityfocus.com
Subject: Re: EBay Fraud Attempt

This is definitely an attempt to socially engineer your credit card info, bank account info, and enough personal information to commit identity theft against anyone dumb enough to fill out the form (and I'm sure there are many suckers out there). You should immediately forward a copy to at least the following:

privacy@ebay.com (don't know if this is the best contact, but it's all I found in a quick look at their site). This is the sort of thing Ebay will sick their lawyers on for use of the ebay name.

noc@accentric.net (they're the tech contact for the IP block www.ebayupdates.com resolves to)

domain.tech@YAHOO-INC.COM (they're the tech contact for the domain ebayupdates.com, which seems to be registered to some creep in Niceville, FL (which sounds fake, but actually exists)).

It wouldn't hurt to try to notify the FBI and local Niceville police...but how much time to you want to spend on this? Odds are, you'll have to place several calls and talk to multiple people before you find an agent/officer who understands what a website is and why this one is bad. If Ebay's security people return your message/call, maybe you can just ask tem if they'll push the right buttons to get the FBI to pickup the person responsible for the site. They're likely going to be more familiar with what it takes to get some action.

On Sat, 7 Dec 2002, Logan F.D. Greenlee wrote:

Do you need more help?

> To the moderator:
>

> This list is provided by the SecurityFocus ARIS analyzer service.

 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |

_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Wed Dec 11 13:05:20 2002

This message: [ Message body ]
Next message: Jim Terry: "RE: Odd entries in my Security Router logs"
Previous message: Kee Hinckley: "Re: EBay Fraud Attempt"
In reply to Logan F.D. Greenlee: "EBay Fraud Attempt"
Reply: Chris Gordon: "RE: EBay Fraud Attempt"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:54 EDT