OT: "eBay Safeharbor Department Notice"?



W

Wild Wind

Guest
"Dr Curious" <[email protected]> wrote in message
news:[email protected]...

<snip>

Dr. Curious,

Just to get back to the original debate, you are saying
that http://scgi.ebay.com means that the domain is owned by
scgi.com, right?

Let's try a bit of empiricism. How would then explain the
ownership of http://pages.ebay.com, (which on visiting appears
to be owned more by ebay.com than pages.com) or
http://news.bbc.co.uk (more bbc.co.uk than news.co.uk)?
Or have I got this all wrong?

--
Akin

aknak at aksoto dot idps dot co dot uk
 
I've just received an email asking me to "verify" my "personal
information" because "you or someone else had used your identity to make
false purchases on eBay...".

Is this likely to be genuine, and genuinely from eBay, or is it a scam
from someone disguising themself as eBay to nick IDs and passwords?

The link I've been asked to click takes me to:
http://68.213.208.2:5253/Sign In.html

Copy of email follows (I've replaced certain numbers/part of URLs with
"[number]"):

-------------------------------------------------
eBay Safeharbor Department Notice

Fraud Alert ID : [number]

Dear eBay member,

You have received this email because you or someone else had used your
identity to make false purchases on eBay. For security reasons, we are
required to open an investigation on this matter. We treat online fraud
seriously and all cases which cannot be resolved between eBay and the
other involved party are forwarded for further investigations to the
proper authorities. To speed up this process, you are required to verify
your personal information against the eBay account registration data we
have on file by following the link below.

http://scgi.ebay.com/verify_id=ebay&user=[number]

Please save this fraud alert id for your reference.

When submitting sensitive information via the website, your information is
protected both online and off-line. When our registration/order form asks
users to enter sensitive information (such as credit card number and/or
social security number), that information is encrypted and is protected
with the best encryption software in the industry - SSL.

Please Note - If your account informations are not updated within the next
72 hours, we will assume this account is fraudulent and it will be
suspended. We apologize for this inconvenience, but the purpose of this
verification is to ensure that your eBay account has not been fraudulently
used and to combat fraud.

We apreciate your support and understading, as we work together to keep
eBay a safe place to trade.

Thank you for your patience in this matter.

Regards, Safeharbor Department (Trust and Safety Department)
eBay Inc
-------------------------------------------------

Thanks
~PB
 
"Pete Biggs" <ppear{remove_fruit}@biggs.tc> writes:

>I've just received an email asking me to "verify" my "personal
>information" because "you or someone else had used your identity to make
>false purchases on eBay...".

>Is this likely to be genuine, and genuinely from eBay, or is it a scam
>from someone disguising themself as eBay to nick IDs and passwords?

My vote is for scam.

>The link I've been asked to click takes me to:
>http://68.213.208.2:5253/Sign In.html

And if you look at the source of that page you'll see that most of the
content links to ebay servers, except the login form which is submitted to
that same IP and port number...

The only people using IP numbers instead of names are the ones up to no
good (exceptions exist, I have done it at times).

more info from ebay about how to spot fakes here:
http://pages.ebay.co.uk/education/spooftutorial/spoof_3.html

They also give details how to report this to them.

Roos
 
Pete Biggs wrote:

> Is this likely to be genuine, and genuinely from eBay, or is it a scam
> from someone disguising themself as eBay to nick IDs and passwords?
>
> The link I've been asked to click takes me to:
> http://68.213.208.2:5253/Sign In.html

Unless Ebay have taken to using Bellsouth ADSL links to do their
business, I'd say 'scam' :)

keith:~$ host 68.213.208.2
Name: adsl-068-213-208-002.sip.bct.bellsouth.net
Address: 68.213.208.2

Probably a trojanned host. Might be worth telling bellsouth about it.

--
Keith Willoughby
Welcome to the police state - http://tinyurl.com/3cptb
 
On Wed, 07 Jul 2004 10:49:50 +0100, Pete Biggs wrote:

> I've just received an email asking me to "verify" my "personal
> information" because "you or someone else had used your identity to make
> false purchases on eBay...".
>
> Is this likely to be genuine, and genuinely from eBay, or is it a scam
> from someone disguising themself as eBay to nick IDs and passwords?
>
> The link I've been asked to click takes me to:
> http://68.213.208.2:5253/Sign In.html

I wonder, why would Ebay's security department have a web page on a PC
connected through a Bell South ADSL line?

eugenio@lasagna:~> host 68.213.208.2
2.208.213.68.in-addr.arpa domain name pointer
adsl-068-213-208-002.sip.bct.bellsouth.net.

It's a scam. Plus, IIRC it's eBay policy that no matter what, you NEVER
have to re-enter your registration details, and especially your password,
except for regular logins

That's probably a r00t3d PC on which the evil script kiddie has installed
a minimal web server to serve that page and send him whatever people input
on the forms - completely without the knowledge of its owner

Oh, and in addition, the URL it claims it's sending you to is on a
different IP address from the one you're actually sent to - the first and
foremost indicator of a scam.

Eugenio
 
"Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
news:[email protected]...
> I've just received an email asking me to "verify" my "personal
> information" because "you or someone else had used your identity to make
> false purchases on eBay...".


Unless the email was posted directly to you as Pete Biggs, rather
than just "member" and referred to your Ebay name then its a hoax.

In other words unless the email contains information which only you
and Ebay know - or which soemone has gone to a lot of trouble to find
out - or maybe a previous customer might know, then its a hoax.

If it contains generalised rubbish - dear Ebay member - and nothing
specific then its a hoax.

Try copying and pasting the link ino "Word" or "Wordpad". This will
give you the genuine address behind the phoney address, if it is one.


Curious
 
Its a scam - my advice is to get in touch with ebay directly.
 
On Wed, 07 Jul 2004 10:49:50 +0100, Pete Biggs wrote:

> I've just received an email asking me to "verify" my "personal
> information" because "you or someone else had used your identity to make
> false purchases on eBay...".
>
> Is this likely to be genuine, and genuinely from eBay, or is it a scam
> from someone disguising themself as eBay to nick IDs and passwords?
>
> The link I've been asked to click takes me to:
> http://68.213.208.2:5253/Sign In.html
>
The numerical IP address in this URL, rather than a hostname,
rings alarm bells with me.
The IP Address resolves to adsl-068-213-208-002.sip.bct.bellsouth.net
From that, I'd say this is an ADSL connection in the USA, either a
home machine or a small office.
 
"Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
news:[email protected]...
> I've just received an email asking me to "verify" my "personal
> information" because "you or someone else had used your identity to make
> false purchases on eBay...".
>
> Is this likely to be genuine, and genuinely from eBay, or is it a scam
> from someone disguising themself as eBay to nick IDs and passwords?
>
> The link I've been asked to click takes me to:
> http://68.213.208.2:5253/Sign In.html
>

It's got to be fraudulent, however http://scgi.ebay.com looks genuine ebay
so I don't know why it was taking you to the address you give above.

I'd check your machine to see if you have a virus which is intercepting the
link, try typing the same link on a different machine.
 
Pete Biggs wrote:

> I've just received an email asking me to "verify" my "personal
> information" because "you or someone else had used your identity to make
> false purchases on eBay...".
>
> Is this likely to be genuine, and genuinely from eBay, or is it a scam
> from someone disguising themself as eBay to nick IDs and passwords?

It's clearly a fake. There are many of these, often quite clever.

> The link I've been asked to click takes me to:
> http://68.213.208.2:5253/Sign In.html

mark@mauve:~$ dig -x 68.213.208.2

; <<>> DiG 9.2.3 <<>> -x 68.213.208.2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20473
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;2.208.213.68.in-addr.arpa. IN PTR

;; ANSWER SECTION:
2.208.213.68.in-addr.arpa. 43200 IN PTR
adsl-068-213-208-002.sip.bct.bellsouth.net.

To those of you that don't read reverse DNS queries, this basically
means that the sign-in page linked to on the mail is hosted by a
BellSouth ADSL line. I'm guessing that's not how eBay works...

Report it to [email protected], although the link no longer works.

--
Mark.
 
Clive George wrote:

>> http://scgi.ebay.com/verify_id=ebay&user=[number]
>
> Is there more to that url in the original? (other than limewhatever)

No, just a number, without any letters; not my user ID.

> Look like bollocks to me anyway.

Thank you very much indeed to everyone who's replied. I'll report it to
eBay and will try and warn others of the scam. I neearly fell for it!
That login page it brings up looks /so/ familiar that it'd be all too easy
to type in ID and passwords without thinking about it.

~PB
 
On Wed, 07 Jul 2004 11:29:45 +0100, Mark Tranchant wrote:

> mark@mauve:~$ dig -x 68.213.208.2

Makes me wonder...

is there a relationship between Linux/*nix and cycling?

I've seen far more Linux command line outputs in the replies thain I
would have expected, especially given the familiar statistics that report
< 1% market penetration for Linux on the desktop...

Eugenio
 
On Wed, 7 Jul 2004 11:34:51 +0100, Pete Biggs
<ppear{remove_fruit}@biggs.tc> wrote:


> Thank you very much indeed to everyone who's replied. I'll report it to
> eBay and will try and warn others of the scam. I neearly fell for it!
> That login page it brings up looks /so/ familiar that it'd be all too
> easy
> to type in ID and passwords without thinking about it.

There are similar one's for banks from time to time. I got one the other
day from "Barclays" asking me to confirm my security details to continue
to access my online account. I've never had an account at Barclays so I
didn't take much time to decide it was a con.

Colin
 
On Wed, 07 Jul 2004 11:34:51 +0100, Pete Biggs wrote:

> Clive George wrote:
>
>>> http://scgi.ebay.com/verify_id=ebay&user=[number]
>>
>> Is there more to that url in the original? (other than limewhatever)
>
> No, just a number, without any letters; not my user ID.
>
That number will be the IP address on Bellsouth.
Can we have the number please?
And the URL will act to redirect you there.
 
"Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
news:[email protected]...
> John Hearns wrote:
>
> >> Clive George wrote:
> >>>> http://scgi.ebay.com/verify_id=ebay&user=[number]
> >>>
> >>> Is there more to that url in the original? (other than limewhatever)
> >>
> >> No, just a number, without any letters; not my user ID.
> >>
> > That number will be the IP address on Bellsouth.
> > Can we have the number please?
>
> http://scgi.ebay.com/verify_id=ebay&user=00626654
>
> ~PB
>

SCGI.COM is a domain name of NETWORK SOLUTIONS, INC.

It looks as though someone's hacked into the Network Solutions
site and installed a directory called "Ebay" on there.
With all the necessary subdirectories



Curious










>
 
"Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
news:[email protected]...
> John Hearns wrote:
>
> >> Clive George wrote:
> >>>> http://scgi.ebay.com/verify_id=ebay&user=[number]
> >>>
> >>> Is there more to that url in the original? (other than limewhatever)
> >>
> >> No, just a number, without any letters; not my user ID.
> >>
> > That number will be the IP address on Bellsouth.
> > Can we have the number please?
>
> http://scgi.ebay.com/verify_id=ebay&user=00626654

Now I'm confused. How does the redirection work withi this? (is it that
scgi.ebay isn't working/isn't real?)

(this question not aimed at Pete!)

cheers,
clive
 
Colin Blackburn wrote:
> On Wed, 7 Jul 2004 11:34:51 +0100, Pete Biggs
> <ppear{remove_fruit}@biggs.tc> wrote:
> > Thank you very much indeed to everyone who's replied. I'll report it
> > to eBay and will try and warn others of the scam. I neearly fell for
> > it! That login page it brings up looks /so/ familiar that it'd be all
> > too easy to type in ID and passwords without thinking about it.
> There are similar one's for banks from time to time. I got one the other
> day from "Barclays" asking me to confirm my security details to continue
> to access my online account. I've never had an account at Barclays so I
> didn't take much time to decide it was a con.
> Colin



Yup, I've had Barclays, Citibank and another bank with whom I have also
never had an account. They harvested my email address from my website,
the address is used for nothing else so even if it claimed to be from my
own bank I'd know it was a scam.



--
 
In article <[email protected]>,
"Pete Biggs" <ppear{remove_fruit}@biggs.tc> writes:

> The link I've been asked to click takes me to:

If you (or anyone) visited that with a Micros**t so-called browser,
your next port of call should be one of the many pages explaining
what it may have left behind. For example,
http://www.theregister.co.uk/2004/06/30/ie_malware_attack/

In fact, even if you didn't visit a link that's known to be malicious,
you should still read the above. Large numbers of IIS servers are
passive vectors for it. And since IIS has about a 20% market share,
the statistical chances of having visited some of them are high.

--
Nick Kew

Nick's manifesto: http://www.htmlhelp.com/~nick/
 
You must log in or register to reply here.

Similar threads

D
Re: "eBay Safeharbor Department Notice"?
Replies
28
Views
550
UK and Europe
Dave Kahn
D
P
OT: "eBay Safeharbor Department Notice"?
Replies
208
Views
8K
UK and Europe
Gawnsoft
G
D
Just spotted this on ebay
Replies
4
Views
365
UK and Europe
Kenneth MacKenzie
K
T
Pino on Ebay
Replies
1
Views
457
UK and Europe
[email protected]
L
B
Bikes off Ebay good value?
Replies
3
Views
587
UK and Europe
vernon
V
Top Bottom Back