beware eBay "phishing" scam to Yahoo.com addresses
- This is not on topic, but since many of you probably have @...
email addresses, then 'en garde'!
I received a email from "eBay" earlier today in my yahoo mailbox. I
did some checking on the routing information. It originated from an
email server administered in Paris. (Not exactly eBays home town.)
But can originate from a hacked or possibly virus-infected computer
The message has all the hallmarks of being a "phishing" scam,
intended to steal account information from anyone it lulls into goint
to the embedded link. BTW, the message is very authentic looking --
almost flawless -- compared to those of a few years ago.
- Don't go to the embedded link, just delete the message.
The Subject line says "EBAY INC: IMPORTANT ACCOUNT NOTIFICATION..."
The message body has a eBay logo and advises "We regret to inform
you that your eBay account could be suspended if you don't re-update
your account information ..."
<"re-update" ? interesting word structure. hmmm...
The signatory on this one is "Safeharbor Department eBay, Inc"
' nuff said.
- Actually Dave this has been going on for a long time. Don't delete the
email, but forward it to spoof@... and they will shut the site down.
----- Original Message -----
> - Don't go to the embedded link, just delete the message.
> The Subject line says "EBAY INC: IMPORTANT ACCOUNT NOTIFICATION..."
- -- DO NOT READ if you hate being too off topic --
VERY off topic... but bear with me.
If you receive an e-mail from a bank (yes, even Canadian and U.K. banks...
not just American) as well as eBay or PayPal that says that you're account
needs updating or suspending, DON'T EVER assume it's on the level.
DON'T click on the link in the e-mail... go to the site as you normally do
or type the address into the URL address bar in your browser. Log into your
account from there and if there's a problem, they will tell you there.
As a former bank employee, I can also tell you this PERFECT tip... NO ONE
(not even a bank teller) should EVER ask for your PIN number. This should
ONLY ever be typed in by yourself to an ABM (bank machine) or to an
Interac/Cirrus type machine... or at your (physical branch) bank on a
machine in the branch... NEVER GIVE YOUR PIN NUMBER TO ANYONE ONLINE.... ever!
If you do or have, go to your bank (actual branch) or call their "hotline"
(via phone) right away and change the PIN.
So, one of the easy ways to spot a "phishing trip" is to look for the
link/page/e-mail ASKING you for a PIN number...
When it comes to your finances, like many things in medicine, piloting and
when dealing with black powder, "When in doubt, DON'T!"
If you're still "worried" that e-mail is truly about your account being
suspended or the like, CONTACT THE SITE/INSTITUTION VIA E-MAIL and ask...
DON'T hit reply and DON'T use the link in the e-mail... go to the site and
send a mail to their general contact e-mail and ask about the mail you
received BEFORE giving out your information to anyone... Wait for their
Sorry to chime in, but I get dozens of e-mails per day from people worried
that their eBay, Canada Trust, CIBC, Royal Bank, Paypal, etc. account is in
jeopardy... when it's only a "phishing trip" from some scam artist.
- = - = - = - = - = - = - = - = - = - = - = -
Matthew James Didier - Generic Ne'er do well...
Webmaster/Honourary Member of The Incorporated Militia
of Upper Canada - http://www.imuc.org/
Webmaster/Honourary Member of The Norfolk Militia
(Heritage Regiment) - http://www.uppercanadianheritage.com/norfolk/
Also webmaster and whipping boy for...
PERSONAL QUEST/HELP WEBSITE:
Help me realise a dream and save a piece of history.
"I do not want my house to be walled in on all sides and my windows
to be blocked. I want the culture of all the lands to be blown about my
house as freely as possible. But I refuse to be blown off my feet by any."
- Mahatma Gandhi
You must have missed my original note's comment comparing the polished
level of the one I saw to the cruder phishing emails I had seen in the
past. Having been in network security well before the Melissa outbreaks
of 1999, I don't disagree when you say that "phishing" scams have been
around several years.
But experience in monitoring virus, spam, email scams, etc. and all
manner of nasties that even the best-patched Windows users ran into --
showed that 99.5 % of the time, users are receiving something that
Internet security firms already know about. <It's because they can
legitimately run 'honeypot' operations to attract 'flies'>
In dealing with 1000s of networked PCs over many years, I only once
stumbled across a undetectable piece of particularly nasty malicious
code that was not already known to major anti-virus companies. Only one
had seen it, and then only 2 days earlier. They said it was not
then "in the wild", and wondered how I discovered it and what the
delivery vector was. Naturally, I half-hoped that one of the number of
companies I sent pre-authorized and carefully packaged samples to would
name it after me.
Not being smug old chap, just pointing up why I recommended that users
delete strange messages. (Ok, Ok -- if you want to be really technical,
also add don't open attachments and use shift-delete to really
Enough tech claptrap from my end. Think I'll close up shop and go do
some reel <g> fishing.
--- In WarOf1812@yahoogroups.com, "Kevin Windsor" <kevin.windsor@s...>
> Actually Dave this has been going on for a long time. Don't deletethe
> email, but forward it to spoof@e... and they will shut the site down.
> ----- Original Message -----
> > - Don't go to the embedded link, just delete the message.
> > The Subject line says "EBAY INC: IMPORTANT ACCOUNT NOTIFICATION..."