[NTLK] SPAM - was OT - Off Topic - Need an eBay auction to bid on

From: DJ Vollkasko (DJ_Vollkasko_at_gmx.net)
Date: Sat Oct 25 2003 - 00:43:54 PDT


>From: "Frank Gruendel" <fg2_at_pda-soft.de>
>Subject: [NTLK] OT - Off Topic - Need an eBay auction to bid on
>Date: Fri, 24 Oct 2003 23:17:02 +0200
>
>Hi all,
>
>please excuse the off-topic post. The subject isn't as stupid
>as it seems. Some days ago eBay.com (or seemingly eBay.com) sent me
>a mail that said...

I get like mails. There's always a link included - if you look at the link
closely, its URL DOES contain the string EBAY, but the actual host is NEVER
a DNS-resolved hostname like www.ebay.com, but an IP address.
This is spam, and somebody is trying to get ebay users to click there.

The same mode is employed with PayPal-mimiking spam, BTW. At least I get
mails to pls. update my PayPal details - but I don't have an account
there... Go figure.

>Dear eBay User,
>
>During our regular update and verification of the accounts,
>we could not verify your current information. Either your
>information has changed or it is incomplete.

You should be able to log in to Ebay by typing the normal URL into the
browser and see your account details. Are they current?

If you think this is a valid request, then change your account to something
else, and then change it back to proper values.

>As a result, your access to bid or buy on eBay has been restricted.

Here, they threaten you so you feel complied to follow them through with
their evil scheme. Nice bit o' social engineering, though! ;=}

>According to our site policy you will have to confirm that you are
>the real owner of the eBay account by log in and complete the form
>that will pop up or else your account will be suspended without
>the right to register again with eBay.
>After you will login please verify your information in order to
>complete this verification.

Do it with logging in to Ebay if you feel insecure, but don't use any links
they mailed you.
IIRC, there's also a statement somewhere from Ebay that they never ask for
you password via mail or phone.

I reckon these people harvest mail addresses for spam mailing purposes and
if they really collect data, it's to improve the quality of the data they
sell to other spammers. Just by finding out age and gender, they can focus
certain spam types more precisely on the appropriate markets (target breast
enlargement at women, generic viagra at anybody 21+, a cure for baldness at
males 30+, and the Nigerain Connection focusses on folks 45+ - who more
often have disposable income and interest in "profitable" investments than
other age groups). Plus Ebay-Users have a proven track record of online
shopping, so there...

>Although the source code of this html mail looks innocent enough,
>I'm not going to type my password into a form of which I don't know
>it was really sent from eBay. I am able to log in and bid at the German
>eBay just fine, and I can log in at eBay.com just fine, too. I am,
>however, using their standard login page and not the form in
>the mail I was sent.

Excellent.

What was the return address this mail used?
Does it look like the normal Ebay-mail adresses?
Is the mail styled like the ususal Ebay-mails?

And why do the write en Ingles, if you are registered and bidding in Allemand?

>I sent eBay a mail twice asking if this has really come from
>them, and, true to form, they haven't answered nor even acknowledged
>they received my mail. I wonder what these people charge so much money
>for.

Excellent question. - Did you reply on this mail, or did you use contact
details provided on the Ebay-website?

Anyway, I wouldn't worry. I delete 'em. This is spam, I think.

*
*
*

Talking about spam mails - well, I created this mailbox just early this
month for (up to now) exclusive use at this mailing list. I have as of yet
never used this address anywhere else besides for Newtontalk and exchanging
mails with an handful of current and former Newton users, mostly folks on
this list (cheers + thanks, guys!).

I have since then received 4 notifications from my mailprovider about spam
mail (all mail gets screen by provider, usually 80% of it stays on the
providers server; none of these reached me, that bumps the recognition
quota for now up to 100 % - woohoo! ;=}) -

dunkerz1_at_aol.com, Retire NowKguwjvd
ThisisTrue_at_hotmail.com, Make Money now!!Jgmjyq
"Sandy Edwards" <htzasgan_at_mailexcite.com>, inemone omtn uz cn
lgamNicole Evans <ahsinclair_at_hotmail.com>, Lowest price on Phentermine iidkd

Victor (and all) -

are there ways to better secure our mail adresses here from being ripped?

Cheers,

DJV.

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html
Official Newton FAQ: http://www.chuma.org/newton/faq/


This archive was generated by hypermail 2.1.5 : Sat Oct 25 2003 - 01:30:00 PDT