Security Incidents mailing list archives
EBay Fraud Attempt
From: "Logan F.D. Greenlee" <lgreenlee () ciretose net>
Date: Sat, 7 Dec 2002 10:25:29 -0500
To the moderator: This is my first post, and I'm not sure that this is right list to be sending this to. If it isn't could you please tell me where I should send it? Hello All, About 24 Hours ago I received an e-mail from "EBay Billing" with the subject of "EBay Billing Error". However, I have not conducted any transactions in months, so I became suspicious. The text of the e-mail is below as well as the routing path, which would indicate that it was not in fact sent by eBay. Further, a visit to the site that is refrenced in the email leads to a page that is javascript encoded. Right click is disabled to prevent saving of the page. An inspection of the source would also indicate that the creators of the page do not want users to see where their information is going. I've looked around eBay and found no other pages that were constructed in a similar manner. Finally, I checked the WHOIS database entry for "ebayupdates.com" and found that the registrants were not eBay corporate but someone in Florida. Is it possible that this is a farily large scale attempt at gathering eBay users account and/or credit card information. Logan **** Message Header ***** Microsoft Mail Internet Headers Version 2.0 Received: from 195.73.193.7 ([24.232.235.26]) by ciretose.net with Microsoft SMTPSVC(5.0.2195.5329); Fri, 6 Dec 2002 19:03:46 -0500 Received: from unknown (HELO f64.law4.hotmail.com) (13.61.40.178) by ssymail.ssy.co.kr with smtp; Dec, 06 2002 3:57:55 PM -0100 Received: from sparc.isl.net ([45.55.85.241]) by anther.webhostingtalk.com with NNFMP; Dec, 06 2002 2:52:05 PM -0300 Received: from [177.34.196.8] by f64.law4.hotmail.com with NNFMP; Dec, 06 2002 1:46:01 PM +1100 From: Ebay Billing <Billing () ebay com> To: logan () ciretose net Cc: Subject: Ebay Billing Error Sender: Ebay Billing <Billing () ebay com> Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Fri, 6 Dec 2002 16:02:56 -0800 X-Mailer: eGroups Message Poster Return-Path: Billing () ebay com Message-ID: <DCxgX3kT8fP682w9hWb00000009 () ciretose net> X-OriginalArrivalTime: 07 Dec 2002 00:03:49.0430 (UTC) FILETIME=[1E97BD60:01C29D84] **** End Message Header ***** **** Message Contents ***** Dear Ebay Member, We at Ebay are sorry to inform you that we are having problems with the billing information of your account. We would appreciate it if you would visit our website [Ebay Billing Center] <http://www.ebayupdates.com> and fill out the proper information that we are needing to keep you as an Ebay member. If you think you have received this email as an error, please visit our website and fill out the neccesary information. That way we can make sure that everything is up to date! Again here is the link to our website. Ebay Billing Center <http://www.ebayupdates.com> Joe Watson Ebay Billing Center Rep ID. 32A Thank you for your business. The Ebay Staff. ************************************************************************ ******** ********************************* Do not reply to this e-mail, for assistance contact the customer service team. ************************************************************************ ******** ********************************* ***** Message Contents ****** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- EBay Fraud Attempt Logan F.D. Greenlee (Dec 08)
- Re: EBay Fraud Attempt jlewis (Dec 09)
- Re: EBay Fraud Attempt Chris A. Mattingly (Dec 11)
- Re: EBay Fraud Attempt Kee Hinckley (Dec 11)
- Re: EBay Fraud Attempt Waitman C. Gobble, II (Dec 09)
- <Possible follow-ups>
- Re: EBay Fraud Attempt Stephen Friedl (Dec 09)
- Re: EBay Fraud Attempt Stephen J. Friedl (Dec 11)
- Fwd: EBay Fraud Attempt Dave Laird (Dec 09)
- RE: EBay Fraud Attempt Carlo Costanzo (Dec 11)
- Re: EBay Fraud Attempt Dave Laird (Dec 11)
- Re: EBay Fraud Attempt Mark (Dec 11)
- RE: EBay Fraud Attempt Carlo Costanzo (Dec 11)
(Thread continues...)
- Re: EBay Fraud Attempt jlewis (Dec 09)