WARNING - scammer pretending to be eBay, seeking credit card and checking data! - MegaZone's Safety Valve
The Ramblings of a Damaged Mind
zonereyrie
WARNING - scammer pretending to be eBay, seeking credit card and checking data!
I got a fake email from eBay tonight asking me to confirm some account data by going to a URL in the email. I was tired enough to start filling out the form but I noticed the URL was to an IP, which was a huge red flag. I poked around the root of the server and it is definitely a scam.

Yes, I've reported this to eBay. I'd track his ISP and tell them, but I'm about to pass out and MUST go sleep NOW.

<lj-cut text="Full email, including headers, behind this cut...">From aw-verify@ebay.com Fri Nov 22 04:04:23 2002
Return-Path: <aw-verify@ebay.com>
Delivered-To: megazone-megazone@megazone.org
Received: (qmail 46470 invoked from network); 22 Nov 2002 04:04:21 -0000
Received: from 169.178.252.64.snet.net (HELO EyeDea01) (64.252.178.169)
by retrocomputing.org with SMTP; 22 Nov 2002 04:04:21 -0000
From: aw-verify@ebay.com
Subject: Access restricted: Verify your account information.
To: megazone@megazone.org
Content-Type: multipart/alternative;
boundary="=_NextPart_2rfkindysadvnqw3nerasdf";
charset="US-ASCII"
MIME-Version: 1.0
Reply-To: aw-verify@ebay.com
Date: Thu, 21 Nov 2002 23:04:09 -0500
X-Priority: 3
X-Library: Indy 9.0.3-B
X-Mailer: Foxmail
Status: RO
Content-Length: 4221
Lines: 123

This is a multi-part message in MIME format

--=_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<meta http-equiv=3D"Content-Language" content=3D"en-us">
<meta name=3D"GENERATOR" content=3D"Microsoft FrontPage 5.0">
<meta name=3D"ProgId" content=3D"FrontPage.Editor.Document">
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindow=
s-1252">
<title>Dear eBay User</title>
</head>

<body>

<p><tt style=3D"font-family: 'courier new',monospace; font-size: x-small=
">Dear=20
eBay<b> </b>User,</tt></p>
<p><span style=3D"font-family: 'courier new',monospace; font-size: x-sma=
ll">During=20
our regular update and verification of the accounts, we couldn't verify =
your=20
current information. Either your information has changed or it is incomp=
lete.</span></p>
<p><span style=3D"font-family: 'courier new',monospace; font-size: x-sma=
ll">As a=20
result, your access to bid or buy on </span>
<tt style=3D"font-family: 'courier new',monospace; font-size: x-small">e=
Bay </tt>
<span style=3D"font-family: 'courier new',monospace; font-size: x-small"=
>has been=20
restricted. To start using your </span>
<tt style=3D"font-family: 'courier new',monospace; font-size: x-small">e=
Bay=20
account fully, <b>please update and verify your information by clicking =
below</b>=20
:</tt></p>
<p><font face=3D"courier new,monospace" style=3D"font-size: x-small"> <a=
href=3D"a" style=3D"text-decoration: none">=20
</a><a=20
href=3D"http://66.43.246.61/https/scgi.ebay.com/saw-cgi/verify.htm?eBayI=
SAPI.dll?&bidaccess=3D1&buyaccess=3D1&itemid=3Ddefault&maxbid=3Ddefault&=
makebidtype=3D559&uachoice=3D1&lagoonemorebid=3D0&raccept=3D1=3D0&rpt=3D=
1">https://scgi.ebay.com/s
aw-cgi/eBayISAPI.dll?VerifyInformation</a></font></p>
<p><tt style=3D"font-family: 'courier new',monospace; font-size: x-small=
">Regards,<br>
<b>eBay</b><br>
&nbsp;</tt></p>
<p><tt style=3D"font-family: 'courier new',monospace; font-size: x-small=
">
***Please Do Not Reply To This E-Mail As You Will Not Receive A <br>
Response***</tt></p>

</body>

</html>

--=_NextPart_2rfkindysadvnqw3nerasdf
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<html>

<head>
<meta http-equiv=3D"Content-Language" content=3D"en-us">
<meta name=3D"GENERATOR" content=3D"Microsoft FrontPage 5.0">
<meta name=3D"ProgId" content=3D"FrontPage.Editor.Document">
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dwindow=
s-1252">
<title>Dear eBay User</title>
</head>

<body>

<p><tt style=3D"font-family: 'courier new',monospace; font-size: x-small=
">Dear=20
eBay<b> </b>User,</tt></p>
<p><span style=3D"font-family: 'courier new',monospace; font-size: x-sma=
ll">During=20
our regular update and verification of the accounts, we couldn't verify =
your=20
current information. Either your information has changed or it is incomp=
lete.</span></p>
<p><span style=3D"font-family: 'courier new',monospace; font-size: x-sma=
ll">As a=20
result, your access to bid or buy on </span>
<tt style=3D"font-family: 'courier new',monospace; font-size: x-small">e=
Bay </tt>
<span style=3D"font-family: 'courier new',monospace; font-size: x-small"=
>has been=20
restricted. To start using your </span>
<tt style=3D"font-family: 'courier new',monospace; font-size: x-small">e=
Bay=20
account fully, <b>please update and verify your information by clicking =
below</b>=20
:</tt></p>
<p><font face=3D"courier new,monospace" style=3D"font-size: x-small"> <a=
href=3D"a" style=3D"text-decoration: none">=20
</a><a=20
href=3D"http://66.43.246.61/https/scgi.ebay.com/saw-cgi/verify.htm?eBayI=
SAPI.dll?&bidaccess=3D1&buyaccess=3D1&itemid=3Ddefault&maxbid=3Ddefault&=
makebidtype=3D559&uachoice=3D1&lagoonemorebid=3D0&raccept=3D1=3D0&rpt=3D=
1">https://scgi.ebay.com/s
aw-cgi/eBayISAPI.dll?VerifyInformation</a></font></p>
<p><tt style=3D"font-family: 'courier new',monospace; font-size: x-small=
">Regards,<br>
<b>eBay</b><br>
&nbsp;</tt></p>
<p><tt style=3D"font-family: 'courier new',monospace; font-size: x-small=
">
***Please Do Not Reply To This E-Mail As You Will Not Receive A <br>
Response***</tt></p>

</body>

</html>

--=_NextPart_2rfkindysadvnqw3nerasdf--
</lj-cut>

I am: tired
Current Media: TiVo: Tale Spin
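
The red flag described in the post (a link that displays an eBay URL while its href points at a bare IP address) can be checked mechanically. This is an added example, not part of the original post: the names `AnchorCollector`, `is_ip_literal` and `suspicious_links` are hypothetical, and the sample anchor is abbreviated from the email above with its query string shortened.

```python
import ipaddress
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_QP = (  # anchor abbreviated from the email on this page
    b'<p><a=20\n'
    b'href=3D"http://66.43.246.61/https/scgi.ebay.com/saw-cgi/verify.htm?eBayI=\n'
    b'SAPI.dll?&bidaccess=3D1">https://scgi.ebay.com/s\n'
    b'aw-cgi/eBayISAPI.dll?VerifyInformation</a></p>\n'
)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Hard line wraps split the displayed URL, so drop all whitespace.
            self.anchors.append((self._href, "".join("".join(self._text).split())))
            self._href = None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(qp_body):
    """Return (href_host, shown_host, ip_href, mismatch) for each flagged link."""
    parser = AnchorCollector()
    # Undo quoted-printable first: soft breaks (=\n) and =3D hide the real href.
    parser.feed(quopri.decodestring(qp_body).decode("windows-1252", "replace"))
    findings = []
    for href, text in parser.anchors:
        href_host = urlsplit(href).hostname or ""
        # Only compare hosts when the visible text itself looks like a URL.
        shown_host = urlsplit(text).hostname if "://" in text else None
        ip_href = is_ip_literal(href_host)
        mismatch = shown_host is not None and shown_host != href_host
        if ip_href or mismatch:
            findings.append((href_host, shown_host, ip_href, mismatch))
    return findings
```

Running `suspicious_links(SAMPLE_QP)` flags the link on both counts: the href host is an IP literal, and it differs from the `scgi.ebay.com` host shown to the reader.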

Comments
From: kazmat Date: November 22nd, 2002 05:39 am (UTC)

common scams

There have been a bunch of ebay and paypal scam mails floating around recently.