EBay Fraud Attempt

["Logan F.D. Greenlee" <lgreenlee () ciretose net>]

To the moderator:
        This is my first post, and I'm not sure that this is right list
to be sending this to. If it isn't could you please tell me where I
should send it?

Hello All,
        About 24 Hours ago I received an e-mail from "EBay Billing" with
the subject of "EBay Billing Error". However, I have not conducted any
transactions in months, so I became suspicious. The text of the e-mail
is below as well as the routing path, which would indicate that it was
not in fact sent by eBay. Further, a visit to the site that is refrenced
in the email leads to a page that is javascript encoded. Right click is
disabled to prevent saving of the page. An inspection of the source
would also indicate that the creators of the page do not want users to
see where their information is going. I've looked around eBay and found
no other pages that were constructed in a similar manner. Finally, I
checked the WHOIS database entry for "ebayupdates.com" and found that
the registrants were not eBay corporate but someone in Florida. Is it
possible that this is a farily large scale attempt at gathering eBay
users account and/or credit card information.

Logan


**** Message Header *****
Microsoft Mail Internet Headers Version 2.0
Received: from 195.73.193.7 ([24.232.235.26]) by ciretose.net with
Microsoft SMTPSVC(5.0.2195.5329);
         Fri, 6 Dec 2002 19:03:46 -0500
Received: from unknown (HELO f64.law4.hotmail.com) (13.61.40.178) by
ssymail.ssy.co.kr with smtp; Dec, 06 2002 3:57:55 PM -0100
Received: from sparc.isl.net ([45.55.85.241]) by
anther.webhostingtalk.com with NNFMP; Dec, 06 2002 2:52:05 PM -0300
Received: from [177.34.196.8] by f64.law4.hotmail.com with NNFMP; Dec,
06 2002 1:46:01 PM +1100
From: Ebay Billing <Billing () ebay com>
To: logan () ciretose net
Cc: 
Subject: Ebay Billing Error
Sender: Ebay Billing <Billing () ebay com>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Fri, 6 Dec 2002 16:02:56 -0800
X-Mailer: eGroups Message Poster
Return-Path: Billing () ebay com
Message-ID: <DCxgX3kT8fP682w9hWb00000009 () ciretose net>
X-OriginalArrivalTime: 07 Dec 2002 00:03:49.0430 (UTC)
FILETIME=[1E97BD60:01C29D84]
**** End Message Header *****

**** Message Contents *****
Dear Ebay Member, 
We at Ebay are sorry to inform you that we are having problems with the
billing information of your account. We would appreciate it if you would
visit our website [Ebay Billing Center] <http://www.ebayupdates.com> and
fill out the proper information that we are needing to keep you as an
Ebay member.
If you think you have received this email as an error, please visit our
website and fill out the neccesary information. That way we can make
sure that everything is         up to date! Again here is the link to
our website. Ebay Billing Center <http://www.ebayupdates.com>
Joe Watson 
Ebay Billing Center 
Rep ID. 32A 
Thank you for your business. 
The Ebay Staff. 
************************************************************************
******** ********************************* 
Do not reply to this e-mail, for assistance contact the customer service
team. 
************************************************************************
******** ********************************* 
***** Message Contents ******




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com