Does it Work? - **If you buy or sell on eBay...PLEASE READ**




MrsJim
10-23-2003, 01:22 PM
I know that there are a LOT of folks here who love eBay...but very few eBay users actually visit their forums/community section so I wanted to call your attention to the SERIOUS matter of SPOOF emails (mostly because I've received several in the past two weeks...).

"Spoofs" are emails that look like they came from eBay, generally saying that your account has been or will be suspended UNLESS you click the link provided in the email and give some info...such as your credit card number, Social Security, etc. If you click the link, it takes you to a site that appears to be an eBay page, but is actually a 'mirror' of an eBay page.

These are NOT coming from eBay, but from CRIMINALS. (there may be some PayPal spoofs coming through as well, but as yet I haven't received any).

Each time I have received a spoof, I have forwarded it to spoof@ebay.com so they can investigate it. Here's a reply I recently received from them:
Thank you for contacting eBay's Trust and Safety Department about email solicitations that are falsely made to appear to have come from eBay.
These emails, commonly referred to as "spoof" messages, are sent in an attempt to collect sensitive personal information from recipients who reply to the message or click on a link to a Web page requesting this information.

The email you reported did not originate from, nor is it endorsed by, eBay. We are very concerned about this problem and are working diligently to address the situation. We have investigated the source of this email and have taken appropriate action. You may rest assured that your account standing has not changed and that your listings have not been affected.

We advise you to be very cautious of email messages that ask you to submit information such as your credit card number or your email password. eBay will never ask you for sensitive personal information such as passwords, bank account or credit card numbers, Personal Identification Numbers (PINs), or Social Security numbers in an email itself. If you ever need to provide information to eBay please open a new Web browser, type www.ebay.com, and click on the "site map" link located at the top the page to access the eBay page you need.

If you have any doubt about whether an email message is from eBay, please forward it immediately to spoof@ebay.com and do not respond to it or click on any of the links in the email message. Please do not change the subject line or forward the email as an attachment.

If you entered personal information such as your password, social security number or credit card numbers into a Website based on a request from a spoofed email, you need to take immediate action to protect your identity. We have developed an eBay Help page with valuable information regarding the steps you should take to protect yourself.

To get to the "Protecting Your Identity" Help page from the eBay site, please click on the "help" link located at the top of most eBay pages and select the following topics when the "eBay Help Center" window appears:

Safe Trading > If Something Goes Wrong > Identity Theft

We encourage you to review additional information about protecting your identity found in the eBay Help system. Please click on the "help" link located at the top of most eBay pages and select the following topics when the "eBay Help Center" window appears:

Safe Trading > If Something Goes Wrong& > Account Theft > Account
Protection

Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that eBay remains a safe and vibrant online marketplace.
Regards,

Ian
eBay SafeHarbor
Investigations Team

Just a word of warning for all you eBay users out there!


Ruthxxx
10-23-2003, 01:25 PM
Thanks. Much appreciated.

melekalikimaka
10-29-2003, 01:43 AM
I've received many (probably 6 or more) spoof emails in the last month or so and being the suspicious person that I am, I automatically checked the Safe Harbor section of the authentic website and did forward the emails to the email address you listed. I received the same reply to each. If you've gotten one email, you're probably going to get more. Just be safe and never, ever answer those asking for the personal info.

What I would also like to add is that you should make an effort to check your account at least once a month or so whether you're a buyer or seller, because there have been instances of "Pirating" or account takeover by these evil scammers. They check for accounts with excellent feedback ratings and use those as fronts for selling big ticket items like autos or high priced auto parts, electronics, etc. I would suggest that you check the sellers feedback before buying anything over $1,000 (or whatever your comfort level is) and check the other items the seller may have sold. My DH has been scouring ebay for motocycles or motorcycle parts and has reported several pirated accounts to ebay. The fake seller lists what should be high ticket items for cheap, luring those unsuspecting buyers who think they are getting a steal! If you check the previous positive feedback, all the previous items sold are under $10 or less. Here is a response to an email from ebay in which he asked ebay to check on a sellers suspicious listing:
Hello,

Thank you for writing with your concern.

Beware! Protect yourself from fraudulent emails that ask for sensitive
personal information like credit card numbers, passwords, etc. Just
because an email message looks like it is sent directly from eBay, it
isn't always. To learn more about protecting yourself from fake or
"spoof" emails, visit our User Account Protection page. Simply cut and
paste this Web address into your browser window:
http://member.ebay.com/ad/ck/1065-11789-3840-13

The recent items listed with this account were the result of an
unauthorized account takeover. Unfortunately, we were not aware of this
activity until some time after the listings appeared on the site. Once
we became aware of this activity, immediate action was taken. We are now
in the process of restoring the account to its true owner. At this time
the transaction in question should be considered null and void.

Let me suggest a few ways this could have occurred.

If the user had a relatively simple password or password hint question
it is possible that a third party was able to gain access to the account
by guessing the password.

It is also possible that the user could have unknowingly provided his or
her password to another party. Some eBay members have reported receiving
messages asking for User IDs and passwords. These messages appear to
come from eBay Support, but in fact are not. eBay will never ask for
sensitive information of this nature through email.

Finally, there are a number of computer viruses in circulation that log
and record keystrokes. It's recommended that computer users keep their
virus alert software up-to-date, and check their system often for
problems. A firewall for high-speed Internet users is also highly
recommended.

Please be aware that eBay urges caution when purchasing high-priced
items, especially if the price seems too good to be true.

We do not recommend the use of instant cash wire transfer services such
as Western Union and MoneyGram, and we ask that users decline sending
payment in cases where these are the only methods of payment offered by
the seller. Generally, if payment is sent using an instant cash wire
transfer service and the item is not delivered as promised, no recourse
is available for recovering funds. In most cases, a verified escrow
service should be used when purchasing high dollar value items. More
information on the benefits and risks of individual payment methods can
be found at:

http://pages.ebay.com/help/buy/payment.html
Again, thank you for taking the time to write. I appreciate your
continued help in keeping eBay a safe and fair place to trade!

Regards,

Jude
eBay Motors
Trust and Safety Department


Okay, it was more than 2 cents but I just had to comment on this since i am an avid ebay user.

Thanks Mrs Jim for posting this.


usmcwifee
11-14-2003, 09:38 AM
I too have received several of these "spoofs" but only from paypal. And I knew better because the same morning I got the first one, msn.com news had a warning on it's website..talk about great timing!

I'm also an avid ebayer. Currently buyer, moving into the selling side of the game (yay for me).

Thanx for the heads up.

Misti in Seattle
11-16-2003, 10:25 AM
Good caution about eBay! As an avid user of eBay I can certainly agree with your comments. Also would add... be very cautious about similar scams from those pretending to be from PayPal (eBay's main money transfer site).

Sue

MichelleRae
05-27-2004, 07:58 PM
wow thanks for bringing this to my attention!!
Michelle

herb1985
06-07-2004, 12:20 PM
Thanks for the heads up . I will keep an eye out for the bogus emails from fake ebay for sure.Always someone out there scamming its a shame.

avondarcye
07-05-2004, 03:52 PM
I got one like that ,about Paypal, It addressed me as something like Dear Paypal memeber, Paypal never does that and has a link on site to report it I think its spoof@paypal.com

Beware

Darcye

craft of flavor
08-12-2004, 05:12 PM
Hi I was wondering one thing regarding spoof mail. I had one come to me and i started going for it. I even went as far as filling out some of the information. But then something told me this was not right so i used the back button on my toolbar and than proceeded to make a few calls. But now i am wondering if the back button would delete the material i had inserted or if they could still read it. Ugh! Does anyone know?

fatfornow
11-12-2004, 12:03 PM
Hi I was wondering one thing regarding spoof mail. I had one come to me and i started going for it. I even went as far as filling out some of the information. But then something told me this was not right so i used the back button on my toolbar and than proceeded to make a few calls. But now i am wondering if the back button would delete the material i had inserted or if they could still read it. Ugh! Does anyone know?

Hi! I work for eBay so I thought I would just help out here.

If you were responding to an email, they couldn't see a thing unless you had actually sent it. If you were on a webpage that you got from a link in an email, they could possibly have harvested some simple information (not credit card numbers or anything, just your name or IP, etc.) or put something ugly on your computer like spyware. It also clues them in to the fact that you are a good mark and they may attempt to trick you more and more. It all depends. However, if you did not submit your information, then the information that was in the form was not sent and they did not get it.

To be safe, change your eBay password often, make sure it includes numbers and letters. And if you do get a spoof email, send it to eBay/PayPal right away. You may just get an automated response back from us, but I can assure you that we do investigate and that is how we catch the crooks and learn from them. So keep sending it in because it really does help.

sugarholic
01-08-2005, 06:29 PM
My friend is a new mom and works full time, she too got one of these spoofs, however it came from paypal but when she clicked on the link it took her to ebay. Since she's so busy she didn't even pay attention to the fact that it could have been from a fraud. Within hours someone spent over $800 out of her bank account. Luckily it was right around xmas and she checked her account before going shopping or much more damage could have occured. So just a warning, watch for paypal emails like this too, and thanks for bringing it to everyones attention!

katushkacz
01-28-2005, 09:46 PM
I got one email that "was" from PayPal. It was a receipt for over $300. First, I was shocked. Then I contacted PayPal and was told it was a spam email.

Well, I used to love Ebay until I bought a transmission for my car and never received. It was a good lesson.

thinthinker
02-07-2005, 12:54 AM
PayPal and eBay are both good sources of SPAM emails, but also watch for banks. Last week I got one from a bank I didn't recognize and one with MY bank's logo on it.....Both were SPAM...

When in doubt....and be in doubt often.....call someone and doublecheck!!!!

MrsJim
02-07-2005, 03:33 PM
PayPal and eBay are both good sources of SPAM emails, but also watch for banks. Last week I got one from a bank I didn't recognize and one with MY bank's logo on it.....Both were SPAM...

When in doubt....and be in doubt often.....call someone and doublecheck!!!!

What you're referring to is known as "phishing" in the industry. These emails are not eminating from eBay/PayPal or the bank in question.

The number one rule of phishing safety is simple:

NEVER click on links you receive in unsolicited e-mail.

Here are some additional tips you can use:

* Never open any unsolicited e-mail in your email accounts — delete them!
* Never give out your personal or financial information in a transaction you did not initiate.
* Check your credit report annually.
* Guard you PIN from being seen when you are completing a transaction at an ATM or in a store. Never write it down.
* Protect your passwords. Never write them down or enter them online unless you initiate the transaction.
* At home, use spam blockers, firewalls and virus protection software. Keep them updated.

Find out web addresses you want to enter from a trusted source, for example from a billing statement or by calling the company.

Then, type in the address yourself.

What kinds of information do phishers want?

Personal data: names, social security numbers, street addresses, telephone numbers, mother's maiden name, etc.
Financial data: bank account numbers, credit card numbers, passwords, PINS
Phishers will try and trick you into providing as much information as possible. They use this information to steal your identity or your money.

How do they do it?

Phishing is one of the fastest growing crimes on the net.

Phishers create realistic but phony version of things you’re used to seeing on your computer screen such as:

* e-mails
* pop-up windows
* web sites

Visa's Canadian website has a great article titled “Cut the Line on Phishing Scams (http://www.visa.ca/en/personal/shop_protect_email.cfm)" which includes detailed examples of what phish look like.

Phishers are always trying to come up with new tricks in addition to e-mail and web site fraud, such as:

Screen Grabbing - This form of phishing takes a picture of your screen instead of trying to trick you into sending information. It is programmed to take the picture just when you are entering sensitive data.

IRC and Instant Messaging - Internet Relay Chat (IRC) and Instant Messaging (IM) use graphics, URL’s, and multimedia. It will not be hard for phishers to adapt their phishing techniques to attack them. (this is one of the reasons that I personally do not use IM).

JPEG Phishing - Phishers can hide attacks in JPEG graphics, although, so far, the user must first save the graphic and open it from within Windows Explorer.

Small Fry - Those most often targeted are new users just beginning to shop or bank online. Gartner reported that of the 4 million consumers who encountered fraud last year when opening a new online account, approximately half said they also received a phishing e-mail.

Some solutions: In the past year, eBay and Google have both launched toolbars. I highly recommend that if you use eBay at ALL, that you download the eBay toolbar - it can help spot any phishing/bogus websites or emails pretending to be from eBay or PayPal (which of course is an eBay company).

If you use a Visa card to perform online transactions, sign up for Verified by Visa - which provides you with an additional wall of protection when shopping at sites which are signed up in the program (more are being signed up every day). If you go to the Visa link above, the page also has a link to find out more about Verified by Visa.

Oh and when you do get a phish email - send it as an attachment to the company site that is being spoofed - generally it's eBay or Paypal - spoof@ebay.com and spoof@paypal.com - Visa's is phishing@visa.com - for other financial institutions check their websites.

"Yes-I-Can"
03-15-2005, 11:19 PM
I received some of these emails from ebay in the past. The first one I entered some personal information. Then I figured out that they were fake so I sent them to the spoof address. I've changed my password but I'm still nervous. You know how you can mark to keep you signed in on the computer unless you sign out? Well, I do that. Then the next time I go to ebay I have to sign in again. Is this normal or is someone likely to be signing in to my account? Any ideas?
Thanks a bunch.

MrsJim
03-15-2005, 11:47 PM
Have you tried downloading the eBay Toolbar?

It adds a bit more protection - for one thing it lets you know when you're actually ON an eBay page through its 'account guard'.

And if you keep track of a lot of auctions or like to search, it comes in quite handy :)

Besides...it's free!

diamondgeog
07-29-2005, 10:12 AM
Sorry if this was mentioned but one of the easiest ways to spot a spoof that my coworker brought to my attention is this: Run your mouse over the link. It will have a hyperlink saying paypal which they can put in easily with HTML but on the bottom of your computer screen you will see something completely different.

almostheaven
07-29-2005, 12:38 PM
Not just an Ebay or PayPal problem. It's all over the web. You may get emails to update your Windows. If you want to trust in an anonymous email and do that, you may find yourself without a computer in the future, as such emails will infect your computer and give you no end of nightmares. MSN, Microsoft, Ebay, PayPal, Yahoo, Hotmail, etc. etc. etc. (add in the name of any site you frequently visit) does NOT need you to provide them with information. They already have your information from when you signed up. And if they need an update, you can go directly to their site to update. Never use the email links to provide any personal info or to run any program on your computer. Never open any downloads or attachments to emails from people you don't know. Sometimes it's safer to not even open them from ones you do know unless they're computer savvy enough to not spread around viruses in all their forwarded jokes.

It's just plain netsense.

almostheaven
07-29-2005, 12:40 PM
And, oh yeah...those emails from Microsoft and others that guarantee you a sum of money for everyone you forward to?...there's no such thing as an email tracker that follows email around the web for one, and Bill Gates just isn't that generous for another. ;)

MrsJim
07-29-2005, 03:29 PM
And, oh yeah...those emails from Microsoft and others that guarantee you a sum of money for everyone you forward to?...there's no such thing as an email tracker that follows email around the web for one, and Bill Gates just isn't that generous for another. ;)

Anytime someone decides to forward this type of email to me (or the type that says I can get a $50 coupon to such and such restaurant or whatever) I always check snopes.com for the straight scoop...and then I forward the link not only to the sender, but to the entire mailing list (inverably the sender has a long list of people who got the same email I did).

Just FYI. ;)

MrsJim
07-29-2005, 03:35 PM
Not just an Ebay or PayPal problem. It's all over the web. You may get emails to update your Windows. If you want to trust in an anonymous email and do that, you may find yourself without a computer in the future, as such emails will infect your computer and give you no end of nightmares. MSN, Microsoft, Ebay, PayPal, Yahoo, Hotmail, etc. etc. etc. (add in the name of any site you frequently visit) does NOT need you to provide them with information. They already have your information from when you signed up. And if they need an update, you can go directly to their site to update. Never use the email links to provide any personal info or to run any program on your computer. Never open any downloads or attachments to emails from people you don't know. Sometimes it's safer to not even open them from ones you do know unless they're computer savvy enough to not spread around viruses in all their forwarded jokes.

It's just plain netsense.

On that note - here's another really great site to check out - it's called "Practical Money Skills for Life (http://www.practicalmoneyskills.com/english/at_home/consumers/identity/)" and includes some good info on identity theft and security. Check it out ;)

texasblueeys
07-29-2005, 03:48 PM
Thanks for the update. I too got spoofed with the Ebay thing. The only way I knew it was bogus, was that it was sent to my other email address and not the one that was hooked up to ebay. I have gotten paypal spoofs too. So now I'm cautious of everything. Luckily I had sense enough to realize it was on the wrong email before I clicked it because I had just bought something on ebay.

almostheaven
07-30-2005, 10:00 AM
Anytime someone decides to forward this type of email to me (or the type that says I can get a $50 coupon to such and such restaurant or whatever) I always check snopes.com for the straight scoop...and then I forward the link not only to the sender, but to the entire mailing list (inverably the sender has a long list of people who got the same email I did).
MrsJim, I do this to my cousin. I will actually send her the link to Snopes as well as imbed the Snopes text into the email and reply to everyone she sent this to. I kept thinking that maybe sending it to everyone on the list would embarrass her into checking this stuff out before sending it. She's not easily embarrassed. :lol: