Ebay and PayPal spoofs

[kmfarm]

If you use PayPal or Ebay, sooner or later you'll recieve e-mails from con-artists. They'll tell you that you need to update your infromation or they'll say there was a transaction that you need to follow through on. These e-mails look and sound like they're coming from these sites.

Any e-mail that seems even slightly suspicious should be forwarded to either spoof@ebay.com for spoof@paypal.com. They will then respond with whether or not it is authentic.

Don't take any chances.

Mark

[keith]

Thanks for starting this topic, Mark.

This happened to me a LOT recently. I wasn't even listing items on eBay, simply bidding on a ton. It was hard for me to know at first, and I sometimes spend 60+ hours a week online.

Regards,
Keith

[CarolsCritterCare]

I get tons of these on a weekly basis. I have a couple different addi's I use depending on what critter list I might be on.
Only one name is used for paypal and ebay and I get these spoofs at email addi's I know I dont have listed.
Today my 13 yr old got one in her box!
The other one I'm getting a lot is from Citi Bank saying my account has been compromised and to contact them as soon as possible.
LOL ~ I dont have a citi bank accnt
Carol

[Crys]

The best way to tell a spoof from the real thing is to look at the link that is in the email. It may appear to go to ebay, but if you look in the source of the email, you will find the html code that creates the link can point somewhere else entirely, like this: http://thebubbler.com. If you click that link it will take you to my personal homepage, not to the front page of theBubbler. In the message source, you can find the link that the text is actually pointing to by looking for "a href=". The link immediately after the = is where you would go if you clicked on the link. This link may contain the word "ebay" or "paypal" but if the domain part doesn't _end_ with ebay.com or paypal.com, then odds are good it's a spoof and you should report it as noted above.

It's important when forwarding the email to make sure you're including the "Headers" of the email, as that information is necessary to connect the email with a real person. Some email programs retain the headers when an email is forwarded, but most don't. You can make sure those headers are available to the person at the other end by viewing the "Message Source" and copying all the information above the message content, and then pasting that into the message you're forwarding. They will look something like this, which I took from a spam I got this morning (I've changed the domain and ip numbers for our servers for security reasons):

From: hansen@thebubbler.com
Subject: Your eBay account has been suspended
Date: February 11, 2007 6:57:43 AM CST
To: hansen@thebubbler.com
Reply-To: hansen@thebubbler.com
Return-Path: <cedric.chauveau@imagostudies.com>
Received: from qrtsm.com (prod9mx100.postini.com [xx.xx.x.xx]) by mail.servername.com (x.xx.x/x.xx.x) with SMTP id l1BCkLj83774; Sun, 11 Feb 2007 06:46:26 -0600 (CST) (envelope-from cedric.chauveau@imagostudies.com)
Received: from source ([60.214.25.64]) by prod9mx100.postini.com ([xx.xx.x.xx]) with SMTP; Sun, 11 Feb 2007 04:57:28 PST
X-Originating-Ip: 136.114.126.11 by smtp.60.214.25.64; Sun, 11 Feb 2007 07:57:43 -0500
Message-Id: <hvnvmcNVXPAhansen@thebubbler.com>
Content-Type: text/plain;
Content-Transfer-Encoding: 7Bit
X-Pstn-Levels: (S: 0.00000/ 0.39852 R:95.9108 P:95.9108 M:97.0282 C:65.6198 )
X-Uidl: /Kk"!bi%#!Kd("!bf5"!

You can also use this information to determine whether or not the email is genuine. See that last "received"? That was received by a server I trust, so I can be moderately sure that the source (60.214.25.62) is correct. You can look up the location of that IP at http://ws.arin.net/cgi-bin/whois.pl. Doing so tells me it comes from the Asia Pacific area. Following it further back tells me it's sent from Beijing through a network owned by China Network Communications Group Corporation. Odds are good, it's therefore not a legit email from ebay or paypal.

[CarolsCritterCare]

Oh very interesting! Thanks! Never thought to go look there.
Carol

[AJE]

Dear PayPal Member
,
This email confirms that you have sent an eBay payment of $47.85 USD to
harris2727@aol.com
for an eBay item.
-----------------------------------
Payment Details
-----------------------------------
Amount: $47.85 USD
Transaction ID: 2LC956793J776333Y
Subject: Digimax 130
Note:
If you haven't authorized this charge ,click the link below to dispute transaction
and get full refund

Dispute transaction
(Encrypted Link )
*SSL connection:
PayPal automatically encrypts your confidential information
in transit from your computer to ours using the Secure
Sockets Layer protocol (SSL) with an encryption key length
of 128-bits (the highest level commercially available)

-----------------------------------
Item Information
-----------------------------------
eBay User ID: scratchandgnaw2

----------------------------------------------------------------
Edward Harrell's UNCONFIRMED Address
----------------------------------------------------------------
Edward Harrell
211 David St.
Springtown, TX 76082
United States
Important Note: Edward Harrell has provided an Unconfirmed Address. If
you are planning on shipping items to Edward Harrell, please check the
Transaction Details page of this payment to find out whether you will
be covered by the PayPal Seller Protection Policy.
----------------------------------------------------------------
This payment was sent using your bank account.
By using your bank account to send money, you just:
- Paid easily and securely
- Sent money faster than writing and mailing paper checks
- Paid instantly -- your purchase won't show up on bills at the end of
the month.
Thanks for using your bank account!
----------------------------------------------------------------
Thank you for using PayPal!
The PayPal Team
PayPal Email ID PP118

The email does not exist, the seller ebay name did not exist and the link for the dispute lead to a dead end.

I immediately reported this “Phishy” email to the security of both my E-Bay and Paypal Accounts as well as I changed my passwords.

This was their response to my concern:

Quote:

Hello,

Thank you for contacting us about email solicitations that are falsely
made to appear to have come from PayPal. The email you reported did not originate from PayPal or eBay.

Emails such as these are commonly referred to as "spoof" messages, and
are sent in an attempt to collect sensitive personal information. They
do this by asking the recipient of the email to reply to the message or
click on a link to a Web page requesting this information.

We are very concerned about this problem and are working diligently to
address the situation. We are currently investigating the source of
these emails to take further action.

We advise you to be very cautious of email messages that ask you to
submit information such as your credit card number or your email
password. Only enter your eBay password on pages that begin with https://signin.ebay.com/.
If you ever need to provide information to PayPal, it should only be
done once you have logged into your account from the PayPal.com
homepage.

If you have any doubt about whether an email message is from PayPal,
please forward it immediately to spoof@paypal.com. Do not respond to it
or click on any of the links in the email message. Please do not change
the subject line or edit the email in any way.

If you entered personal information such as your password, Social
Security number or credit card number into a Web site based on a request
from a spoofed email, you need to take immediate action to protect your
identity. More information on the steps you should take can be found on
the "Protecting Your Identity" Help page. To access this page please
click the following link:

http://pages.ebay.com/help/confidenc...ity-theft.html

To help you better protect yourself from fake eBay and PayPal Web sites,
we have developed a feature for the eBay Toolbar called "Account Guard."
Account Guard includes an indicator of when you are on an eBay or PayPal
Web site or a known spoof (or "phishing") site, buttons to report fake
eBay Web sites, and a password notification feature that warns you when
you may be entering your eBay password on an unverified site.

To learn more about the eBay Toolbar with Account Guard go to
www.ebay.com, click on "Downloads" at the bottom of the page, and then
click on the "eBay Toolbar" link.

We also recommend that you keep your browser, operating system, and
virus protection software up to date. Check for updates at the "Windows
Update" link on www.microsoft.com and scan your computer for viruses
often.

Once again, thank you for alerting us to the spoof email you received.
Your vigilance helps us ensure that PayPal and eBay remain safe and
secure.


Regards,

eBay SafeHarbor
Investigations Team

Paypal also confirmed that the mail was a scam and they'll be sending the matter to authorities.

So I Just thought I'd pass on this FYI

[AJE]

Quote:

Please remember these steps to help protect your PayPal account from
Unauthorized Account Access.

Emails - Make sure they are sent from PayPal

1. If you receive an email and are unsure whether it is from PayPal,
open a new web browser (e.g., Internet Explorer or Netscape) and type in
the following: https://www.paypal.com/Do not click on any link in an email
which seems suspicious to you.

2. Some spoof websites will send emails that pretend to come from
PayPal to entice you to log in at the spoof URL. Be extremely cautious of
emails that direct you to a website that asks for sensitive information.

3. Stay safe; don't respond to emails asking for any of the following:

· Your password and email address combination
· Credit card numbers
· Bank account numbers
· Social security number
· Drivers license number
· First and Last Names

If you have surrendered financial or password information to a suspicious
email or website, promptly report this to the issuing institution as well
as change your password and security answers on your PayPal account. This
can be completed in the Profile section of your account.

Email Greeting -

· PayPal will never send you an email with the greeting "Dear PayPal
User" or "Dear PayPal Member." Emails initiated by PayPal will address you
by your first and last name, or the business name associated with your
PayPal account.

· Please note that the automatic response you get from us may not
address you by name.

Always log into the PayPal site

· PayPal will only ask for information after you have securely logged
in

· For your security, PayPal will never ask you to re-enter your full
bank account, credit, or debit card number without providing you at least
the last two digits of the number. These digits let you know that we
already know the full number and are asking you for the rest of it. Beware
of any website or email asking for these numbers for "verification" that
does not prove that it knows the number by providing at least the last two
digits

· Use Account Guard on the eBay toolbar. If you use Internet Explorer,
download the eBay toolbar. Account Guard helps ensure you are on PayPal or
eBay

Website pages - make sure that they are hosted by PayPal

1. When using the PayPal service, always ensure that the URL address
listed at the top of the browser is
https://www.paypal.com/. This ensures that the website is secure. Even if
the URL contains the word 'PayPal', it may not be a PayPal webpage.

2. Look for the "lock" symbol that appears in the lower right hand
corner of the browser. This symbol indicates that it is a secure site.

Do not download attachments, software updates, or any application to your
computer via a link you received in an email. PayPal will never send you an
attachment or software update to install on your computer.

Passwords - keep it on PayPal

1. Use a unique password for the PayPal account and change it every
30-60 days.
2. The password should be one that is not used on any other site,
service, or login.

If you think you have received a fraudulent email, forward the entire
email, including the header information to spoof@paypal.com and then delete
the email from your mailbox. Never click any links or attachments in a
suspicious email.

For an extra layer of security, get a PayPal Security Key. A PayPal
Security Key gives you added protection by generating a unique six-digit
security code every time you log in with your user name and password.

Click the "Security Center" link on any PayPal webpage to learn additional
tips for staying safe online and to find tools that you can use to increase
your security.

If you have any other concerns requiring immediate assistance you can send
us another or email or call us at 1-888-221-1161.

Thank you for your time and for using PayPal for your online payment needs.
My apologies again for this inconvenience.

Sincerely,
Ingrid
PayPal Community Support
PayPal, an eBay Company

[keith]

Found this thread on another forum I frequent:

Quote:

ebay, You're falling apart.....

OK so i was browsing through the cars section on ebay just now, and i noticed around 7 listings with what can only be described as explicit images as their gallery image.

Naturally i clicked on one of them out of interest to see what someone had planned to achieve by doing this, when i was greeted with a login screen...this is normal for ebay right? Periodic logins? Nooo.

By chance i noticed the address bar above had "50megs.com" in, somehow someone has found a way to redirect an ebay listing to another site...

Another thing while we're on ebay (which i expect is related to this) is that people have started adding fake "email this address for BIN" noticed under certain listings, be wary of these as they are NOT added by the listing creator.

Just some things to look out for.

Matt

You always have to stay diligent online.

Regards,
Keith

[kmfarm]

Good point. Ebay does a pretty good job of weeding out the scammers, but they do millions of transactions daily. Some scammers will get through until they are caught. Ebay works hard to spot these guys and they get better everyday.

Don't assume that a reputable site is automatically safe. Keep your eyes open. If it looks fishy, stay away.

When you suspect fraud on any site, report it right away. That's how we get these guys.

Fraud has always been around, not just on-line. Some people think that it's easier on-line. They're starting to learn different. We just have to stay on top of the scam artists and report everything. If you report something that's not a scam, no harm done.

Mark