sunny

Ebay Spoof/phishing Attacks. fake ebay email detection.


Currently there are several jokers out there who try to send fake emails pretending to be from eBay itself.

Such emails may be used to steal personal as well as financial data if the user receiving the mail clicks on the links.

After contacting the eBay Support via email I got the following tips:

I am posting the mail I got from eBay as it is so that the users of Xisto can also detect a fake email and maintain their privacy.

From: eBay Customer Support <spoof@ebay.com>
To: Cyber Mitra < cyber . mitra @gmail.com>

Hello,

Thank you for writing to eBay regarding the email you received.

Emails such as this, commonly referred to as "spoof" or "phished" messages, are sent in an attempt to collect sensitive personal or financial information from the recipients.

The email you reported was not sent by eBay. We have reported this email to the appropriate authorities.

In the future, be very cautious of any email that asks you to submit information such as your credit card numbers or passwords. If you are ever concerned about an email you receive from eBay, simply follow these steps:

1. Open a new Web browser and type http://www.ebay.com/ into your browser address field to go directly to the eBay site.

2. On eBay, click on the "My eBay" link at the top of the page and sign into your account.

3. Check the "My Messages" link located on the left side of the My eBay page. If an email affects your eBay account, it's now in "My Messages."

Any email sent to your registered eBay email address from eBay or from another eBay member via eBay's member-to-member communication system will also appear in "My Messages."

Just remember, if you get an email regarding a problem with your account or that is requesting personal information, and the email looks like it is from eBay, please check My Messages first. If it's not there, it's a fake email.

If you still have any doubt about whether an email message is from eBay, please forward it to spoof@ebay.com immediately. Do not respond to it or click any of the links. Do not remove the original subject line or change the email in any way when you forward it to eBay.

If you have already entered sensitive personal information, financial information, or your password into a Web site based on a request from a spoofed email, you should take immediate action to protect your identity and all of your online accounts. We have developed an eBay Help page with valuable information regarding the steps you should take to protect yourself.

http://forums.xisto.com/no_longer_exists/

review eBay's new tutorial about Spoof Emails, please see the following Web page:

http://forums.xisto.com/no_longer_exists/

help you better protect yourself from fake eBay and PayPal Web sites, we have developed a feature for the eBay Toolbar called "Account Guard." Account Guard includes an indicator of when you are on an eBay or PayPal Web site or a known spoof (or "phishing") site, buttons to report fake eBay Web sites, and a password notification feature that warns you when you may be entering your eBay password on an unverified site.

To learn more about the eBay Toolbar with Account Guard, please go to http://www.ebay.com/, click on "Downloads" at the bottom of the page, and then click on the "eBay Toolbar" link.

We also recommend that you keep your browser, operating system, and virus protection software up to date. Check for updates at the "Windows Update" link on http://www.microsoft.com/de-de and scan your computer for viruses often.

Once again, thank you for alerting us to the spoof email you received. Your efforts help keep eBay a safe and fair place to trade.

Regards,

Ande
eBay SafeHarbor
Investigations Team

______________________________
eBay
The World's Online Marketplace! ®
*******************************************

Important: eBay will not ask you for sensitive personal information (such as your password, credit card and bank account numbers, Social Security numbers, etc.) in an email. Learn more account protection tips at:

http://forums.xisto.com/no_longer_exists/

our latest announcements, please check:

http://forums.xisto.com/no_longer_exists/

order to better serve you, we'd like to occasionally request feedback on our service. If you would rather not participate, please click on the link below and send us an email with the word "REMOVE" in the subject line. If that does not work, please send an email to the email address below. Your request will be processed within 5 days.

mailto:cssremove@ebay.com


I always receive these kinda spoof emails ... some of them are banks and some of them are eBay's ... but it's very easy to detect .... firstly .. the email address is a good thing to spot a spoof ... secondly .. all of these spoofs don't use words ... they tend to use an image for it ... that is, the whole email is an image ... wherever you click on the letter .. it will bring you to the targeted URL .. so be alert when you receive these kinda spoof emails ...


Well, that's right, there are some people who send these kinds of emails... now, either you have to be very careful about these emails or what you can do is you can use a toolbar from Netcraft and it tells you all those websites which are fake or in other words keeps you safe from phishing :)

The website's address is https://www.netcraft.com/, I hope this tool will help Xisto members. :)


I have also received one email for eBay. Yes, it is an image too. It is regarding updating the account information or they will suspend my account. I found it by looking at the from address, as it is from ""eBay" <custservice_id_155002@ebay.com>". Good that I am using Firefox. It detected the link when I clicked on the image by mistake. It is always good to have precautions...


what you can do is you can use a toolbar from Netcraft and it tells you all those websites which are fake or in other words keeps you safe from phishing :)

The website's address is https://www.netcraft.com/, I hope this tool will help Xisto members. :)



Thanks for this toolbar. It is a great way to prevent phishing...

 

It even works with firefox too....

 

Cool. Thank You.


Some facts about Spamming:

AT&T WorldNet says it rejects 10 million to 12 million e-mails a day because the addresses don't match real users'--a sure sign that spammers are at work. Newsweek - Crammed with Spam

1/2 to 3/4 of all spam email has forged reply addresses, estimating that the spam volume is now up to 1 billion messages a year. Jeff Lawhorn, Software Design Associates

Most ISPs estimate the extra cost due to spam as $2 to $3 per month per user, and longer connection times, which can be costly for rural users who have to dial long distance to connect to the Internet. IDG

A recent survey found that ISPs spend millions of dollars to stop spammers, with about $2 of each subscriber's bill going toward spam prevention. CNN

Approximately 10% of ISP overhead deals with SPAM (churn rate; lost revenue due to defection; new customer acquisition; infrastructure; personnel) Gartner Group

The Federal Trade Commission reports that when it went after spammers earlier this year, it received 500 unsolicited e-mails in a single mailbox every day - and the commission probably didn't receive it all. CNN

The increases in marketing messages are outpacing the growth in personal e-mail. By 2005, expect to get about one marketing e-mail for every two or three personal messages. Industry Standard

Spending on commercial e-mail will balloon to $7.3 billion in 2005 from $164 million in 1999. In 1999, the average consumer received 40 pieces of spam. By 2005, the total is likely to soar to 1,600. Jupiter Communications

FTC gets 4,500 spam complaints per day

The average business e-mail user receives three spam messages a day, and in three years that number will swell to 40. In 2003 we'll waste 15 hours deleting e-mail, compared to 2.2 hours in the year 2000. That will cost the average business in the future $400 per in-box, compared to $55 today. Ferris Research

Average U.S. consumer will receive 1,600 commercial email messages in 2005, up from 40 in 1999, while non-marketing and personal correspondence will more than double from approximately 1,750 emails per year in 1999 to almost 4,000 in 2005. Jupiter Communications, May 2000

By 2002, E-mail will grow from 9.8% to 17.3% of a company's total number of contacts with a customer. Forrester Research



One more thing: if you get an email from eBay and you suspect that it is not from the actual eBay.com, then you can report this to eBay by forwarding that mail in its original form to spoof@ebay.com

Your complaint will be registered and the person sending those emails will be executed (hopefully).

Anyways, by doing so you can help ebay to find more about those cheaters.


I have received a few eBay spoof emails recently .... I forwarded them to eBay.

One way to check if they are spoof emails is to follow the link they suggest to where they want you to enter your personal details .... at this point look in the bottom right hand corner of your browser for a padlock icon .... if there isn't one then you are not on a secure site.

With regard to eBay spoof emails .... they would never contact you by email for your details, they would send you a message to your eBay inbox if they had a problem with your account details.


I have received a few eBay spoof emails recently .... I forwarded them to eBay.

One way to check if they are spoof emails is to follow the link they suggest to where they want you to enter your personal details .... at this point look in the bottom right hand corner of your browser for a padlock icon .... if there isn't one then you are not on a secure site.

With regard to eBay spoof emails .... they would never contact you by email for your details, they would send you a message to your eBay inbox if they had a problem with your account details.



of everyone can just look at the Web Address and notice it's not eBay, or your Bank's web address... simple as that. But yea this is a problem, I've received emails like that from people looking for my eBay stuff but that's about it, never anything else.

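The two checks described in the posts above (a mail whose whole body is one clickable image, and a link whose web address is not eBay's), as an added example that is not part of any post in this thread. The sample message, the `TRUSTED` list and the names `BodyScan`, `is_trusted` and `audit_mail` are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("ebay.com",)  # assumption: the only domain links are expected to use

# Constructed sample: an HTML mail whose whole body is one linked image.
SAMPLE = """\
From: "eBay" <custservice@ebay.com>
Subject: Update your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="http://signin.ebay.com.example.net/update"><img src="http://example.net/notice.gif"></a>
</body></html>
"""

class BodyScan(HTMLParser):
    """Collects link targets and counts images and visible text characters."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.images, self.text_chars = [], 0, 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.hrefs.append(attrs["href"])
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text_chars += len(data.strip())

def is_trusted(url):
    # Compare the parsed host, not the raw string: "ebay.com" may appear in
    # the userinfo part or as a label of an unrelated domain.
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_mail(raw):
    msg = message_from_string(raw)
    scan = BodyScan()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            scan.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    scan.close()  # flush any text still buffered by the parser
    return {"image_only": scan.images > 0 and scan.text_chars == 0,
            "untrusted_links": [u for u in scan.hrefs if not is_trusted(u)]}

if __name__ == "__main__":
    print(audit_mail(SAMPLE))
```

The From header in the sample carries an ebay.com address and the link still fails the check, so the result depends only on where the link actually leads.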

Phishing is HUGE. I work for a bank and it seems each day more of my time is spent dealing with it. Everyone seems to agree, education is the key. Banks do not, will not send emails to clients asking them for sensitive personal or financial information.

 

It staggers me how many people will willingly submit their credit card info simply because they get an email directing them to a website that asks for it. Once your numbers have been sent, phishers can have a fake card coded and at an ATM within half-an-hour.


One way to check if they are spoof emails is to follow the link they suggest to where they want you to enter your personal details .... at this point look in the bottom right hand corner of your browser for a padlock icon .... if there isn't one then you are not on a secure site.
With regard to eBay spoof emails .... they would never contact you by email for your details, they would send you a message to your eBay inbox if they had a problem with your account details.

Yikes! Don't ever click on these e-mails to confirm.... once you've done that, they know that your e-mail address is good. They keep trying that e-mail address (and possibly spread your address around to a few phishing friends). But niloc is correct in what he says about them never sending you e-mails about stuff like that. You can see "How to detect spoof e-mail" at e-bay: http://pages.ebay.com/messages/page_not_found.html?eBayErrorEventName=p4fug%60fvehq%60%3C%3D%60mb6a54d.1773-2016.11.09.21.31.37.012.MST

I think that my "feedback" e-mail address has been either scraped by bots - or simply added to a phishing list manually because my site had "Contact: mailto:x@y.com " -- easy to search for, and protect against if I had done what it takes (I think that it has something to do with editing the robots.txt file - confirm anybody?). In any case, 96% of the e-mails arriving at my feedback e-mail have all kinds of important sounding warnings about various accounts that I may or may not even have. All phishing attempts. All deleted immediately.

