WARNING: New scam



#5

I got the following email (excerpts):

From aw-confirm@ebay.com  Fri Jan 13 17:31:46 2006
From: "aw-confirm@ebay.com" <aw-confirm@ebay.com>
Subject: Question from ebay member
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

[...]

Your registered name is included to show this message originated from eBay.
<A href="http://ssiiggnniinn.100free.com/ws/
eBayISAPIdllSignInfavoritenav=2sid2=ruproduct=pp=co_partnerId=2
ru=i1=ruparams=pageType=pa2=bshowgif=pa1=pUserId=errmsg=
UsingSSL-runame-iteid=1/signin.htm"
target=_blank><FONTcolor=#003399>Learn more</FONT></A>.

[...]

This is a fake message. Notice the http://ssiiggnniinn.100free.com url!

Apart from that, the email did not include my registered name, and the To: field was not my
registered ebay email address.

BEWARE

**vp


#6

I've been getting a lot of these. They usually ask questions such as "what forms of payment do you accept for your item?" Aside from the fact that the reply URL, as you point out, is spoofed, and actually points to some other site than eBay, the mail headers should also show a spoof in the last Received: header listed. The last header listed should be the first one generated. But sometimes the miscreants add phony Received: headers so the first real one isn't the last one listed. Regardless, the first real Received: header usually contains a spoof of the originating system's name. Knowing this can be helpful in identifying malicious mail when other clues are inconclusive.

For example, here's a sample from a virus laden mail that hit my mailbox a couple of weeks back:

Received: from vansbro.se (ASt-Lambert-151-1-23-237.w82-120.abo.wanadoo.fr [82.120.234.237]) by [...]

So this one claimed to be from 'vansbro.se' but actually originated from 'ASt-Lambert-151-1-23-237.w82-120.abo.wanadoo.fr'.

#7

I've gotten so many of these of different variations that I closed my eBay account. The fun of trading on eBay is not worth exposing yourself, (however they're getting your email off eBay?), to these scam artists.


#8

It's doubtful that your membership in eBay or PayPal has anything at all to do with the phishing spam you are getting. Spam is a volume game, and the miscreants who send out that stuff just don't have time to target groups of people. They assume that some percentage of the multiple millions of messages they send will reach people who have eBay accounts, and that some percentage of those will be selling. Since eBay is popular, they are obviously right to think that. But then they also have to get some percentage (of the percentage, of the percentage) of targets who are dumb enough to fall for the (usually) transparently false scam spam spew. As long as you can tell the difference (which you obviously can) then you are safe.

Regards,
Howard


Possibly Related Threads...
Thread Author Replies Views Last Post
  [HP-Prime CAS] "Warning, ^ (Command) Is ambiguous on non square matrices"?? CompSystems 1 401 12-07-2013, 07:15 PM
Last Post: CompSystems
  Flash Flood Warning: 9/16/2013 (One Week from HHC13) Eddie W. Shore 8 652 09-17-2013, 09:20 PM
Last Post: Craig Ruff
  Low power warning for HP-15C LE and batteries Nick_S 1 300 09-16-2013, 09:34 AM
Last Post: Hans Brueggemann
  Auction Scam of the Week? Frido Bohn 4 409 06-03-2013, 01:45 PM
Last Post: Mike Morrow
  Warning - Don't update RPN-67 Pro on your iPad Michael de Estrada 9 557 05-02-2013, 03:21 PM
Last Post: BShoring
  Warning: These are NOT Clonix! Diego Diaz 11 717 03-02-2013, 01:15 PM
Last Post: Diego Diaz
  Warning if you have a calculator shipped outside the US. No warranty. Jim Creybohm 8 469 10-11-2011, 08:46 AM
Last Post: Eddie W. Shore
  HP 10BII+ Battery removal warning Jim Yohe 19 1,075 04-24-2011, 09:52 AM
Last Post: Eddie W. Shore
  Warning regarding a TAS auction Michael de Estrada 10 583 06-24-2010, 10:22 AM
Last Post: bill platt
  Warning: GRiD cards ad for 48GX Richard Reed 3 271 10-04-2009, 08:42 PM
Last Post: Richard Reed

Forum Jump: