phishing as eBay

[REN-ISAC <dodpears () INDIANA EDU>]

The following note regarding phishing under the guise of eBay was composed by a staff member at IUPUI.

> Hi everyone,
> Just wanted to alert you all to a "spoofed" ebay message that has been circulating. I just received one this morning...
> It requests you to login to ebay, through an embeded html email form. (but actually submits it to a DB at 
> <http://4pawsdb.org/>http://4pawsdb.org/ )
>
> Attached is a pdf of what the message looks like&. And below is a notice from eBay addressing the issue.
>
> So be on your toes, this probably will not be the last of these,,,,,

[identity removed]

> -------------------------------------------------------------------------------------------------------------
> Clipped from <http://www2.ebay.com/aw/marketing.shtml>http://www2.ebay.com/aw/marketing.shtml
> ***Online Safety: Protect Yourself From Fake (Spoof) Email*** Date: 12/15/03 Time: 05:26:46 PM PST
>
> Safety online starts with keeping 4b0155f.jpgyour online accounts secure from hacking and intrusions. Some Community 
> members have received deceptive emails claiming to come from eBay, PayPal, or other popular websites. Most Spoof 
> emails claim that your account is in jeopardy and you will not be able to buy or sell on eBay if you do not update it 
> immediately.
>
> The people who send these emails referred to as "spoof" or "phishing" emails -- hope that unsuspecting recipients will 
> reply or click on a link contained in the email and then provide sensitive personal information (e.g., eBay passwords, 
> social security numbers, credit card numbers, email passwords, etc.).
>
> Remember, just because an email looks like it's from eBay or PayPal and even includes links to a site that appear to 
> be eBay or PayPal it doesn't mean it really is.
>
> eBay strongly encourages our members to educate themselves on Spoof Emails and Web Sites by taking our 
> <http://pages.ebay.com/education/spooftutorial/>Spoof Email Protection Tutorial. In the tour, you will find detailed 
> online safety tips, such as:
>    * When in doubt about whether you are really on eBay or PayPal especially after clicking on a link in an email 
> open a new Web browser and type in either <file://www.ebay.com>www.ebay.com or <file://www.paypal.com>www.paypal.com.
>    * Never click on a link in an email that requests updates to your account information.
>    * Forward suspicious email to either spoof () ebay com or spoof () paypal com.
>    * Frequently check your account status to see if there is any suspicious activity.
>    * Always use a secure server when submitting credit card numbers online.
>    * Do not send eBay or PayPal passwords via email eBay and PayPal will never ask for it.
>
> Educate Yourself
> <http://www.ebay.com/securitycenter>eBay's Security Center provides detailed information about spoof emails, identity 
> theft, and what to do if your eBay account has been compromised.
>
> eBay is committed to enabling you to have a safe and enjoyable experience online. Your vigilance helps us ensure that 
> eBay remains a safe and vibrant online marketplace.
>
> Regards,
> eBay
> -------------------------------------------------------------------------------------------------------------



Doug Pearson
REN-ISAC
http://www.ren-isac.net




**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Attachment: ebayspoof.pdf
Description: