DANGER NEW AUCTION SCAM

[tri-x1]

Recently I sold a camera on ebay. This morning I had two seperate

messages in my email from "John" claiming I had "picked up the

money" but he had not received the package. He didn't say what

camera but accused me of scamming him and demanded I reply

immediately. Well, I checked with UPS tracking and it said the

camera I sent had been delivered a week ago. Then I clicked on

the "Respond" link in the email and it popped up a standard looking

box for me to log into the auction site and tell the person the item

had been delivered.

Fortunately, a few weeks ago I installed the browser enhancement

form the auction on my internet explorer. As soon as I clicked on

the respond button a red flag came up in the browser telling me I

was being sent to a spoofed site.

So, apparently people who buy and sell on the aution are being

tracked in an attempt to get you to log in, with your password going

directly to the spoofer not the auction. They are betting you will

respond quickly because you are being accused of scamming them.

 

I would encourage anyone using the auction on a regular basis to

install the explorer anhancement offered.

[SCL]

Yeah - this has been happening for several weeks. I routinely just send these notices to spoof@Ebay.com so they can track down these scumbags.

[skygzr]

You can also "mouse over" the links in the email you get. They won't be to eBay....they'll be to somewhere else that LOOKS like eBay. They want to harvest your userid and password.

 

I got one this morning and have to admit it was very slick. The crooks are getting more clever.

[kai_griffin]

Those scammers are certainly getting cleverer at luring people in. Has EBay gotten around to creating a Firefox version of their toolbar yet?

[mr.wind-upbird]

That's why you don't use emails to conduct Ebay business. Even if you get a legitimate email from ebay notifying you of a message from a buyer/seller, you should always go to the Ebay site and login from there in order to see if you really have messages.

[rich815]

Yeah, lately I've been geting those Ebay emails with a vague message from a seller telling me that my item as ready for shipping but I had not told him where to ship yet. It then has the Response button which takes you to a log-in page. They are getting quite clever. But the vagueness of the message, even if I had recently bought something, was a red flag for me right away. And the fact that the person's user name was not one I had ever bought anything from either.

[david_s5]

Kai: I haven't seen one for firefox, but the current version of the <a href="http://www.mozilla.com/thunderbird/">Thunderbird mail reader</a> has an automatic scam detector built in. You get a warning at the top of the message telling you that its likely a scam.

[wendell_kelly]

There are at least three other variations on this being attempted:

 

1) You receive an inquiry from a supposed eBay user asking about an item for sale but not anything you've listed, if you are selling anything at all. You are invited to click on a box in the message to respond. Some of these notices don't even contain a suer name or auction number.

 

2) You receive a notice with all sorts of eBay logos informing you that you've entered a large bid on an expensive item say $300 bid on a Rolex. You are invited to click on a box to dispute the bid.

 

3) There is also a bogus Paypal notification telling you that your account has been charged for a large purchase and offer a place to click to view your account.

 

I just ignore all of these and send any new ones off to spoof@ebay

[michael schub]

Today's NYTimes points out that this sort of spoof (phishing)is on the way out in favor of key logging (programs placed on your computer that transmit your passwords and pin numbers). "Phishing takes a lot of time and effort," said David Thomas, the chief of the computer intrusion division at the Federal Bureau of Investigation. "This type of software is a much more efficient way to get what they're after."

 

The Times went on to say:

 

"Being wary of unfamiliar Web links sent via e-mail is a first-line of defense, according to experts, as is avoiding questionable downloads and keeping up to date with Windows patches and antivirus updates.

 

It is worth noting, however, that in a test of major antivirus programs conducted by Ms. Hoepers's group in Brazil last fall, the very best detected only 88 percent of the known keyloggers flourishing there."

[kai_griffin]

Hi David - funny you should mention that: I noticed that in Thunderbird for the first time just yesterday. In this case it wasn't a scam, but it was obvious why it thought it was.

[peter_naylor1]

Yes, I got caught out on this latest scam too. I'd got what seemed to be a genuine "Ebay Question From Seller" message, but from somebody I didn't know from Adam. The message was of the threatening "Pay Up Or Else I Report You To Ebay" variety, but seeing as I had no transaction history with this person, I just deleted it. However, the message kept coming back, every couple of hours. Eventually I thought I might just as well reply with a "Sod Off, You Effin' Pest" sort of response. Trouble was, when I hit the "Reply To Message" box, of course it asked me to identify myself with my Ebay ID - and of course, password! I should have thought it over, but it was getting late and after so many repeats of that annoying message, I really wasn't thinking straight. So, I filled out my details, but nothing then came up in the usual way with an Ebay message blank.

 

Now I was starting to get suspicious that I'd been scammed, and my precious Ebay ID Password obtained by some scumbag - but what could they actually do with this information? I mean, it's not as if it's the password to your bank account or credit card.

 

However, while I was working out all the ramifications, I got an email in from the Ebay Security Department, advising that following certain procedures which they wouldn't go in to for security reasons, my Ebay account had been frozen until I changed my password! Clearly Ebay were onto the problem and had saved my bacon in this instance. However, the question arises - what would anybody do if after winning an auction, they got an Ebay Message purportedly from the seller, asking for confirmation of some details like mailing costs? Wouldn't you assume it was kosher, and reply? Trouble is, you'd probably reply through the Ebay Message system, which entails giving your damn ID and password!! BLOODY BINGO!!! They've got you ......!!

 

In future, I guess I shall not be using the Ebay Message system, to RESPOND to somebody's message. I shall just have to use the normal Outlook Express email system, seeing as it doesn't require me to reveal anything. It's a hard world out there, folks .... ~~PN~~

[tri-x1]

If you actually log into Ebay through normal Ebay channels you are safe and can see if the message is real. If it's in you Ebay messages it's for real. The one I almost fell for came through my standard email browser--it never showed up in the real Ebay message center. Ebay shut down my account until I gave it a new password, several weeks ago--I still don't know what targeted me on that one. Anyway, after than I changed every password and username I use anywhere in the web, upgraded my antivirus and added a stronger firewall. Also, I don't keep a password list on any computer. I keep the document stored on a memory stick. Paranoid? Maybe. But there are a lot of folks out there who apparently make a living out of stealing identities.

[jeffpolaski]

I report suspicious communications to eBay. I understand they have hired some ex-Special Forces types to track down these miscreants. What happens then, I don't want to know.

[richard_oleson]

I get these by the hundreds. i've never fallen for one, but they are doing a better job of making their URLs look like legitimate ebay (or paypal, etc) addresses.

 

Look for your name written out in plain english in the text: ebay has that, the spammers don't.

 

If I don't specifically recognize the subject (they generally come with bogus auction numbers in them, which are a tipoff), i forward it to spam@ebay.com just in case. so far, not one that i've forwarded has turned out to be legit.

[ken_jeanette]

I think the authorities should catch a few of these scum suckers, and execute them. Or better yet, auction the oppurtunity to pull the switch at their execution.