Friday, November 18, 2005

New eBay scam

This is the first time I have fallen for an email scam!
I got a mail informing me that I had an "unpaid item dispute" on eBay. I logged on via the link in the email, and my login failed. So I changed it. Then it turned out there was no dispute at all. So I got suspicious and checked the source code of the email. Quite so: the links in the email did not lead to eBay.com at all, but to a different site! So maybe they now have my login to eBay, I don't know. (I logged in on the right site and changed it again.) But something strange is going on.
Because this mail did not ask for me to enter any information, I did not follow my own rule: Always look at the source code of a mail which talks about your account on eBay, Amazon, or Paypal. You can see where the links really lead.
Or else, don't log into a web site from a link in a mail, do it from their home page.

7 comments:

  1. Hope you have informed ebay, and changed all of your password and account information.........

    Take care!

    ReplyDelete
  2. I've gotten to the point where I ignore almost every piece of mail that comes into my box.

    ReplyDelete
  3. If the postman is the only one putting anything in your box, you need to get out more. :)

    ReplyDelete
  4. Perhaps, but where would I go? There are so many places I haven't been that I don't know where to start.

    ReplyDelete
  5. I guess you know by now that it wasn't ebay, sending that to you. I've gotten so many phishing pieces of mail from them, & PayPal, I ignore anything from "them." You can forward the stuff to the legitimate sites (with long header info) so they can prosecute. Their websites give the addresses.

    ReplyDelete
  6. Dear Eolake,

    Like millions of people, you have been a victim of a 'phishing' scam. But unlike millions of people, you have an audience. You can perform a public service by posting some practical information about how one can avoid this scam. Here are my suggestions.

    Typically a 'phish' is a false email that purports to be from your bank, your credit card company, or a company that you do business with. The objective of the 'phishing' scam is to obtain important information such as your credit card or bank account numbers.

    If you receive a suspicious email, don't click on the link. Go to the company's website and determine whether the matter referred to is valid.

    To determine where a link leads to, RIGHT-click on the link. In the pop-up menu click on properties. Examine the link properties. If you do not recognize the address, consider it bogus Make sure that the '.com' is followed by a slash. If the link appears something like 'your-bank.com-something.com', consider it bogus. This procedure works for email delivered by browsers, but not necessarily with special email programs.

    If you receive a 'phishing' email, forward it to you email provider, to the affected business, and to your national Computer Emergency Readiness Team (CERT). In the United Staes go to http://www.us-cert.gov/. Click on 'Report Phishing' and follow the instructions.

    ReplyDelete
  7. Eo,
    Having been exposed to these scams also...many looked genuine, but like yours, were not.
    When you receive a questionable eBay email, (Genuine ones will 'usually' be addressed to you by name, oe user ID) forward the entire email without adding or subtracting anything from the mesage, TO:
    spoof@ebay.com
    Likewise, the same for PayPal emails:
    spoof@PayPal.com
    You will receive an email stating that they will investigate the source in question.
    I am a 6+ year eBayer.

    ReplyDelete