Another eBay Scam

I received an email this morning claiming to be from eBay asking me to change my password. It looks pretty legitimate...until you look at the HTML code. Then it becomes clear that all of the links in the email are not going to eBay but to some unknown location. This is clearly an attempt to steal passwords from unsuspecting users. Do not fall for it. Another tip off was that there were several typos/spelling errors in the email. Here's the text from the message:

Dear eBay user,
As stated in the User Agreement, Section 5.1, we may request you to change you password. Because of security reasons and for your saftey, please understand the situation and be so kind to change your password. Please acces the followink link to change your password : http://cgi5.ebay.com/aw-cgi/eBayISAPI.dll?RegisterShow

We thank you for your cooperation.

Respectfully,
Customer Support (Trust and Safety Department)
eBay Inc

[ Edited by: ModMana on 2003-06-12 12:57 ]

I got this doozy from "PayPal" yesterday. Most realistic looking password theft attempt I've seen yet. You have to picture this laid out in html exactly like a real Paypal page, with entry boxes for the info they request. The link even goes to the real Paypal page. I was curious so I looked up the security issue on the Paypal site and it says you will never be asked for this info in an email, especially one without the little padlock icon in the lower corner. Smooth.
:wink:

Dear PayPal Customer

This e-mail is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes.

The inactive customers are subject to restriction and removal in the next 3 months.

Please confirm your email address and credit card information by logging in to your PayPal account using the form below:

Email Address:
Password:
Full Name:
Credit Card #:
Exp.Date(mm/yyyy):
ATM PIN (For Bank Verification) #:

This notification expires September 31, 2003

Thanks for using PayPal!

This PayPal notification was sent to your mailbox. Your PayPal account is set up to receive the PayPal Periodical newsletter and product updates when you create your account. To modify your notification preferences and unsubscribe, go to https://www.paypal.com/PREFS-NOTI and log in to your account. Changes to your preferences may take several days to be reflected in our mailings. Replies to this email will not be processed.

Copyright© 2002 PayPal Inc. All rights reserved. Designated trademarks and brands are the property of their respective owners.

Aloha,

Good catch! This scam has been going on for over 2 years now...Be aware...

Mahalo,
TikiMaster

I'm amazed at some of the shit that scammers try to get from unsuspecting people...Your mother's maiden name? Your ATM pin number? Your checking account number? If someone is gullible enough to fall for that they deserve to be robbed blind. Maybe you should just get the scammers mailing address, drop your wallet, passport, car keys and a copy of your family tree in a manilla envelope and send it out to them.

Hello there friends! This is the Happy Dude!

If you would like to learn my secrets to happiness, just send one dollar to...

On 2003-06-12 13:07, Tiki-bot wrote:

This notification expires September 31, 2003

September only has 30 days - that should have been a big giveaway right there!

On 2003-06-12 17:53, johntiki wrote:
If someone is gullible enough to fall for that they deserve to be robbed blind.

They might deserve it John...but that won't stop me from running for Prime Minister of Canada on the platform of "gut (yes, gut) all Internet scammers, spammers, and hoaxers!" When you dream, dream large.

aloha,
emspace.

Also, you should all keep in mind that banks and credit card companies never have access to your PIN number. PINs are either chosen by the client or generated randomly by a computer, and employees cannot access it, as that would give them unfettered access to your accounts. I would guess that systems like PayPal use a similar system.

(That's also why, when you call or come in and say "I forgot my PIN number" they have to mail it to you-- it's a security measure!)

Hello, this is Homer Simpson, a.k.a. Happy Dude. The court has ordered me to call every person in town to apologize for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, send one dollar to Sorry Dude, 742 Evergreen Terrace, Springfield. You have the power.