eBay alert! Watch out for this email

Thanks, Rickdogg

Boy howdy, that notice looks a whole lot like the one I got from eBay a couple of weeks ago, telling me that my eBay identity apparently had been taken over. That notice was legit, and just told me what I had to do...it didn't ask for any of that information the serveus site required. In fact, it didn't send me to any remote site at all. Everything was done in-house, using sites available to all eBay subscribers.

In my case somebody had posted two Dell gizmos for sale under my username on eBay France. One of them already had 15 bids! Using my new password I easily closed both auctions. EBay saw to it that I didn't have to pay any seller fees.

Scammers have been popping up like crazy in the comics section of ebay

Just wanted to put this out as a warning, since someone can easily be fooled by the look of that web page.

Thanks, old buddy. You're on the ball, as usual.

Dear eBay User,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.

As a result, your access to bid or buy on eBay has been restricted. To start using your eBay account again, please update and verify your information by clicking the link below :


Regards,
eBay Inc.


I changed nothing and my account has continued to operate as it always has. What think ye?

Sounds like the scammers are getting sneakier and sneakier to me. (I detest crooks and scammers.)

But you have to love when a crook or a scammer cheats another crook or scammer. After all, that must happen from time-to-time. Doesn't it?

Yes, I love to see crooks get theirs, too. What goes around comes around, as they say. It's just that sometimes it doesn't seem to come around fast enough or hard enough.

When my eBay ID was pirated, I got in touch with eBay's live help line, where you can hold a real-time e-mail conversation with an eBay help person. The person I got was indeed very helpful and got me all squared away. I asked him whether eBay could catch the @#$!%@* that had done the job on me, and he said they have no way to find out who was responsible. I guess the same thing is true of these scams.

But once, just once, I'd like to have one of those bozos in a locked room with me for about ten minutes. I may be old but I ain't decrepit.

Looks like someone reported the bogus site to ebay...it is now down!

Now we all know I'm not real bright - how do you determine if something (like the first post) is really bogus? Some of the major sites have aq lot of different URLs. What should I look for so that I know it's not the real thing?

Goes to show you how gullible I am - but also how chicken - I always type in the website myself.


Thanks again,
Crafty

Six inches Lord, that's all I need!

Hi, Crafty! I just got one of those bogus things in this morning's mail. It looks pretty legitimate until you click on the URL it directs you to. That site asks for every sort of personal info about you except birthmarks -- credit card number, bank account number, date of birth, social security number, eBay id, eBay password. That's how you tell it's bogus. EBay already knows most of this stuff already, and they have never before asked for date of birth or SSN so why would they be asking for that info now? I forwarded it to eBay Customer Support for their analysis and action. I'll tell you (and everybody else) what, if anything, they say. In the meantime, I'm doing just as Chatter did...proceeding as though I hadn't gotten that notice. (Thanks, Chatter!)

While we’re on this subject:

A couple of months ago I got an email claiming to be from Paypal. It looked just like something from Paypal. It claimed that periodically Paypal, “for security reasons”, randomly reauthorizes members, or something like that. The address had Paypal stuck in their somewhere. The site also looked just like Paypal. To “reactivate” my account, they required that I enter in my password? I contacted Paypal, and they said it was a scam.

Didn't take eBay very long to reply, albeit with an automated letter. It was signed by a real person, though, and provided all kinds of interesting and useful URLs. This tells me that eBay is encountering this kind of scam frequently.

The letter read, in part:

'The message you received was not sent by eBay nor was it endorsed by us in any way. By altering the reply-to address for this email, this message may appear to have come from an eBay email address, when it actually came from an external email address. This also means that hitting the reply to button will send the message to the altered email address in the reply to field. This process is commonly referred to as "Spoofing".

'Please rest assured that your account standing has not changed and that your auctions have not been affected. We are currently investigating
the source of the email. Although we are unable to provide specific information regarding the result of our investigation, let me assure you
that eBay does take these matters seriously. We work closely with ISPs to remove these sites quickly.

'Please remember that eBay will never ask you for your private information, including credit card information or password, in an email. Also, eBay will never send you any request or solicitation from a non-eBay email account, or provide a link outside of eBay for entering credit card or other private information. If you ever need to give us
information, it is suggested that you go to the main website and follow links there to the site map or any other place you may need to give
information. That way you are certain you are giving your information to us and not a third party.

'You may also wish to visit the following
websites:

http://www.usdoj.gov/criminal/fraud/idtheft.html
http://www.fightidentitytheft.com/index.html

'In the future if you receive a similar email, do not respond to it, and contact us through the Rules and Safety Support at the following URL:

http://pages.ebay.com/help/basics/select-RS.html

'You may also report future messages impersonating eBay to us by forwarding the message to spoof@ebay.com. When using this email address please make sure that you use the forward function of your email program with spoof@ebay.com in the to field. Please do not alter the subject line, add text to your message, or forward the email as an attachment.

'We believe that some members are receiving these messages because they are using or have used their email address for their user ID. We
recommend that all members have a user ID.'

Sorry for the long quote, folks, but I think it's important that everybody be on board with this scam, and report it to the proper people at eBay as promptly as possible.

Wow. Thanks for the insight. I guess I have been REAL lucky. But now that I know what to look for, it will definitely help me in the future. I guess it's a good idea to pay closer attention to the web links.

Crafty

Six inches Lord, that's all I need!

Just got not one, but two notices this morning from "eBay" informing me that my eBay privileges had actually been suspended. Each was signed, "Regards, eBay SafeHarbor Division." Regards? I'm LMAO.

I forwarded them to the proper address at eBay (spoof@ebay.com) and got an almost immediate response to the effect that the "suspension notices" were fraudulent. If any of you folks get something like that, go thou and do likewise.

I wonder how the evil scammers get your email address.

Of course it could be that they simply send their scam to all email addresses in their lists whether those people are on eBay or not, but of course only those who are eBay members might react to it. However I never get these scams but do get an awful lot of spam (could be I don't notice them in amongst all the other spam).

Alternatively if they specifically target people who do have eBay accounts, then the only ways to get your email address are:

• If you replied to an "Ask Seller A Question"
• If they completed a buy or sell deal with you
• They totally hacked eBay and stole the email addresses directly
• Your eBay user id is obviously in the form of an email address

If it were either of the first two then maybe there's some clues as to the culprit, in your recent trading partners.

Actually, I have a theory about how they got my email addy. (No, it's not my userid.) About 3 weeks ago I noticed that a seller had mis-described a book he was selling, calling it the second state of the first edition when actually it was the third state, marginally less valuable. I used the "Ask Seller a Question" feature to point this out to the seller, who thanked me by complaining to eBay. EBay cautioned me but took no sanction activity since I had, after all, done no wrong. I was p**sed off but held my peace.

Within a few days of that non-event I started getting these e-mails telling me first that I was at risk of being suspended by eBay, then latterly that I had indeed been suspended. I theorize that the malfeasants hacked eBay's complaint files to find a pretext for working their scam on people who had been cautioned for one thing or another.

Anybody think that's possible to do? I don't know enough about computers to say, and I certainly know nothing about hacking.

I don't think the bad guys will have specifically hacked eBay's complaints file, since if they can hack that then the chances are that they can hack other eBay data. What I mean to say is that I'd think it unlikely that eBay would have a complainants list with any less security than any of their data.

But certainly if you used "ask seller a question" then the "seller" has your email address, and perhaps there exist places for unscrupulous sellers to send the email addresses of those who had complained about them! So yes it may be more than a coincidence that you started getting the scams after your episode!

Where I spot similar misdescriptions or disallowed items on sale, and it bothers me enough, I just report the item directly to eBay and let them get on with it, without involving me further. I have a page bookmarked on which you just paste the item number and reason. I provide evidence of what's wrong with the item either from some official web site or from eBay's own policy statements, as appropriate, and usually the item is history within a few hours. I rarely do it though, usually just if something is actually illegal in this country (UK) and it's a UK-based seller who ought to know better. I provide the evidence because the people who investigate and suspend auctions are US-based so cannot be expected to know UK law.

Fairly often a seller will put something up for sale he's not sure about, and will write "1st ed.?" or something on that order which I interpret as a request for information. I have been responding to such items for years, with never a complaint. This particular seller didn't ask, but I thought I'd just let him know in case he was like most eBay sellers and didn't want to cheat anybody. Obviously, he was the exception, but he's the last person I'll ever write to, question marks in the writeup or not. I thought about buying the book in question, taking delivery, and then filing a fraud complaint against him with eBay. But...nah. Too much trouble.