I have just received the folowing email purporting to be from an ebay seller (DO NOT FOLLOW UP THE LINK):-
Hello,
Are you still interested in purchasing my item ?
To view the item, go to: (Link removed at Badger's request)
Thank you,
aldenjl
This is a change form the usual "please update your ID and password" stuff but the link takes you to a fake email log-in page the completion of which will no doubt clean out your bank account.
I am not watching any items at present and have expressed no interest to anyone. The username shown in the email is not a registered ebay member.
I use Firefox with the SpoofStick spoof site detection extension installed. Not conclusive, but it helps. It confirms that the IP of the supposed ebay login page is in fact 24.20.111.214 -- not ebay. The URL is actually htttp://24.20.111.214/.a/Sign In.htm .
|
The link in your post points to the actual eBay site, albeit an invalid item. Presumably the link in the message points to something other than the URL shown.
If anyone is in any doubt about how hard these scams can be to spot, have a look at survey.mailfrontier.com/survey/quiztest.html .
The examples are American but some of the companies also operate on this side of the pond. I have to admit that I didn't do too well: I assumed that some of the legitimate messages were convincing fakes.
|
IMPORTANT: PLEASE READ.
Since I posted this, ebay has confirmed that this is a known spoof and, what is more, that it may install a keystroke logger virus on activation of the link. Norton detected none but I suggest mods remove that link please.
|
...I suggest mods remove that link please.
Don't worry! You've only pasted what the link was pretending to point to. You haven't pasted the dodgy link itself. Anyone clicking on your post will be sent, harmlessly, to a non-existent item on the real eBay site.
If you have a look at the quiz that I posted above, you'll see examples of URLs in messages that don't go where they appear to.
|
Look -- this is what ebay say:-
"Thank you for writing to eBay regarding the email you received.
We reviewed your report and found that although the message you received was made to appear as if it had been sent by an eBay user, it was not.
It appears that this email may also contain a keystroke virus. If you clicked on ANY OF THE LINKS IN THE EMAIL, you may have exposed your computer to this virus."
(My emphasis)
|
|
PS -- the supposed ID of the member is also a link. I have a good understanding of this subject and suggest, with all due respect, that you are dangerously mistaken. Let's not try to second-guess, but just listen to ebay Safe Harbor on the subject.
|
|
|
I'm sure the e-mail you received did contain a dodgy link but your post didn't. In other words, you've done people a favour by warning them about the scam but you haven't actually exposed them to the risk.
If you still have the e-mail, try hovering your mouse pointer over the link. You'll almost certainly find that the link doesn't point to the URL in the message.
For another example, have a look at www.mailfrontier.com/quiztest2/S2html/Q8.html which is one of the items in the quiz I mentioned above. The link in the message looks genuine but you can see from the botton of the window that it really points to something different.
|
I'm sure the e-mail you received did contain a dodgy link but your post didn't
I take your point now, welliesorter and am sorry I misread you.
|
No worries. You prompted me to install SpoofStick, which does look quite handy!
I hope the moderators will be tolerant with this thread. A lot of people here do use eBay for their motoring needs. There's no harm in anything that increases awareness of these scams.
|
That's precisely why I posted it. Ebay Motors is as affected by this as any other department.
I suppose the moral, and will bear repeating, is that you never, ever, reveal private info in response to an email, however convincing. Always log on to the site direct and take it from there. I did that in this case, checked that I had had no recent dealings with this individual, checked their status and found that they are not a registered member. That alone is enough. I then forwarded the message to spoof@ebay.com and they confirmed things very smartly. I must admit that the keylogger is one I haven't encountered before in this context,although I've had many spoof ebay messages.
|
|
|
|
|
There is a useful little piece of Javascript you can enter in the URL of your browser which will determine the real identity of the web page you have downloaded.
in the URL box of your browser(where it says www.honestjohn.co.uk ) type or cut and paste the following.
javascript:alert(location.protocol location.hostname);
Hit enter
You will see an alert window on your screen which verifies that hypertext transfer protocol (HTTP) is being used to access the site and honestjohn.co.uk is the true hostname for the site.
Leon
|
|
Thanks, but that's what the SpoofStick extension on my Mozilla Firefox does, without the need for any script writing. I used it on this occasion. Works a treat. Perhaps you missed it in my post, but the info may help IE users.
|
|
Just had an odd one from Evesham. Seems genuine enough but sent Norton and ZA in to red alert....
|
|
|
