RE: EBay Fraud Attempt

Looks like this has already been taken care of, according to this news article... http://news.bbc.co.uk/2/hi/business/2564725.stm

The world's largest online auction site eBay has been targeted by fraudsters using a shadow site to steal credit card details from its 55 million customers. The scam involved sending e-mails to customers asking them to log on to a Florida-based website - ebayupdates.com - and re-submit their financial details. "We at Ebay are sorry to inform you that we are having problems with the billing information of your account," the e-mails said, writing the name incorrectly with a capital E. "We would appreciate it if you would visit our website [Ebay Billing Center] http://www.ebayupdates.com and fill out the proper information that we are needing to keep you as an Ebay member." US internet watchdog SANS Institute Internet Storm Center has issued a warning about the site. Taken down
In a statement to BBC News Online, eBay said it "never asks its users for their user ID and password." "Fraud constitutes less than 0.01% of all transactions that take place on the site," it added. The shadow site has been taken down.
The e-mails began appearing about a week ago. eBay warning
The WHOIS database of websites showed ebayupdates.com was registered in Niceville, Florida on 6 December this year. California-based eBay has issued warnings on its site about e-mails asking for passwords or credit card details. "Some members have reported attempts to gain access to their personal information through e-mail solicitations that are falsely made to appear as having come from eBay," the company said. "These solicitations will often contain links to web pages that will request that you sign in and submit information...eBay employees will never ask you for your password." In November it was reported that some eBay customers' e-mail addresses could be seen on the company's website.

-----Original Message-----
From: Chris A. Mattingly [mailto:camattin@camattin.com] Sent: Monday, December 09, 2002 10:02 PM To: Logan F.D. Greenlee
Cc: incidents@securityfocus.com
Subject: Re: EBay Fraud Attempt

You might also contact the U.S. Secret Service, as this type of crime is covered by this mission statement. (See http://www.secretservice.gov/mission.shtml).

-Chris

• Original Message ----- From: <jlewis@lewis.org> To: "Logan F.D. Greenlee" <lgreenlee@ciretose.net> Cc: <incidents@securityfocus.com> Sent: Sunday, December 08, 2002 11:45 PM Subject: Re: EBay Fraud Attempt

> This is definitely an attempt to socially engineer your credit card info,

--

> > This list is provided by the SecurityFocus ARIS analyzer service.

> > For more information on this free incident handling, management


--

> This list is provided by the SecurityFocus ARIS analyzer service.





----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com


=======================================================
This email and its contents are confidential. If you
are not the intended recipient, please do not disclose
or use the information within this email or its
attachments. If you have received this email in error,
please delete it immediately. Thank you.
=======================================================

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com