OT: "eBay Safeharbor Department Notice"?

Discussion in 'UK and Europe' started by Wild Wind, Jul 6, 2004.

  1. Wild Wind

    Wild Wind Guest

    "Dr Curious" <[email protected]> wrote in message
    news:[email protected]

    <snip>

    Dr. Curious,

    Just to get back to the original debate, you are saying
    that http://scgi.ebay.com means that the domain is owned by
    scgi.com, right?

    Let's try a bit of empiricism. How would then explain the
    ownership of http://pages.ebay.com, (which on visiting appears
    to be owned more by ebay.com than pages.com) or
    http://news.bbc.co.uk (more bbc.co.uk than news.co.uk)?
    Or have I got this all wrong?

    --
    Akin

    aknak at aksoto dot idps dot co dot uk
     
    Tags:


  2. Pete Biggs

    Pete Biggs Guest

    I've just received an email asking me to "verify" my "personal
    information" because "you or someone else had used your identity to make
    false purchases on eBay...".

    Is this likely to be genuine, and genuinely from eBay, or is it a scam
    from someone disguising themself as eBay to nick IDs and passwords?

    The link I've been asked to click takes me to:
    http://68.213.208.2:5253/Sign In.html

    Copy of email follows (I've replaced certain numbers/part of URLs with
    "[number]"):

    -------------------------------------------------
    eBay Safeharbor Department Notice

    Fraud Alert ID : [number]

    Dear eBay member,

    You have received this email because you or someone else had used your
    identity to make false purchases on eBay. For security reasons, we are
    required to open an investigation on this matter. We treat online fraud
    seriously and all cases which cannot be resolved between eBay and the
    other involved party are forwarded for further investigations to the
    proper authorities. To speed up this process, you are required to verify
    your personal information against the eBay account registration data we
    have on file by following the link below.

    http://scgi.ebay.com/verify_id=ebay&user=[number]

    Please save this fraud alert id for your reference.

    When submitting sensitive information via the website, your information is
    protected both online and off-line. When our registration/order form asks
    users to enter sensitive information (such as credit card number and/or
    social security number), that information is encrypted and is protected
    with the best encryption software in the industry - SSL.

    Please Note - If your account informations are not updated within the next
    72 hours, we will assume this account is fraudulent and it will be
    suspended. We apologize for this inconvenience, but the purpose of this
    verification is to ensure that your eBay account has not been fraudulently
    used and to combat fraud.

    We apreciate your support and understading, as we work together to keep
    eBay a safe place to trade.

    Thank you for your patience in this matter.

    Regards, Safeharbor Department (Trust and Safety Department)
    eBay Inc
    -------------------------------------------------

    Thanks
    ~PB
     
  3. Roos Eisma

    Roos Eisma Guest

    "Pete Biggs" <ppear{remove_fruit}@biggs.tc> writes:

    >I've just received an email asking me to "verify" my "personal
    >information" because "you or someone else had used your identity to make
    >false purchases on eBay...".


    >Is this likely to be genuine, and genuinely from eBay, or is it a scam
    >from someone disguising themself as eBay to nick IDs and passwords?


    My vote is for scam.

    >The link I've been asked to click takes me to:
    >http://68.213.208.2:5253/Sign In.html


    And if you look at the source of that page you'll see that most of the
    content links to ebay servers, except the login form which is submitted to
    that same IP and port number...

    The only people using IP numbers instead of names are the ones up to no
    good (exceptions exist, I have done it at times).

    more info from ebay about how to spot fakes here:
    http://pages.ebay.co.uk/education/spooftutorial/spoof_3.html

    They also give details how to report this to them.

    Roos
     
  4. Pete Biggs wrote:

    > Is this likely to be genuine, and genuinely from eBay, or is it a scam
    > from someone disguising themself as eBay to nick IDs and passwords?
    >
    > The link I've been asked to click takes me to:
    > http://68.213.208.2:5253/Sign In.html


    Unless Ebay have taken to using Bellsouth ADSL links to do their
    business, I'd say 'scam' :)

    keith:~$ host 68.213.208.2
    Name: adsl-068-213-208-002.sip.bct.bellsouth.net
    Address: 68.213.208.2

    Probably a trojanned host. Might be worth telling bellsouth about it.

    --
    Keith Willoughby
    Welcome to the police state - http://tinyurl.com/3cptb
     
  5. On Wed, 07 Jul 2004 10:49:50 +0100, Pete Biggs wrote:

    > I've just received an email asking me to "verify" my "personal
    > information" because "you or someone else had used your identity to make
    > false purchases on eBay...".
    >
    > Is this likely to be genuine, and genuinely from eBay, or is it a scam
    > from someone disguising themself as eBay to nick IDs and passwords?
    >
    > The link I've been asked to click takes me to:
    > http://68.213.208.2:5253/Sign In.html


    I wonder, why would Ebay's security department have a web page on a PC
    connected through a Bell South ADSL line?

    [email protected]:~> host 68.213.208.2
    2.208.213.68.in-addr.arpa domain name pointer
    adsl-068-213-208-002.sip.bct.bellsouth.net.

    It's a scam. Plus, IIRC it's eBay policy that no matter what, you NEVER
    have to re-enter your registration details, and especially your password,
    except for regular logins

    That's probably a r00t3d PC on which the evil script kiddie has installed
    a minimal web server to serve that page and send him whatever people input
    on the forms - completely without the knowledge of its owner

    Oh, and in addition, the URL it claims it's sending you to is on a
    different IP address from the one you're actually sent to - the first and
    foremost indicator of a scam.

    Eugenio
     
  6. Dr Curious

    Dr Curious Guest

    "Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
    news:[email protected]
    > I've just received an email asking me to "verify" my "personal
    > information" because "you or someone else had used your identity to make
    > false purchases on eBay...".



    Unless the email was posted directly to you as Pete Biggs, rather
    than just "member" and referred to your Ebay name then its a hoax.

    In other words unless the email contains information which only you
    and Ebay know - or which soemone has gone to a lot of trouble to find
    out - or maybe a previous customer might know, then its a hoax.

    If it contains generalised rubbish - dear Ebay member - and nothing
    specific then its a hoax.

    Try copying and pasting the link ino "Word" or "Wordpad". This will
    give you the genuine address behind the phoney address, if it is one.


    Curious
     
  7. Temp3st

    Temp3st Guest

    Its a scam - my advice is to get in touch with ebay directly.
     
  8. Clive George

    Clive George Guest

  9. John Hearns

    John Hearns Guest

    On Wed, 07 Jul 2004 10:49:50 +0100, Pete Biggs wrote:

    > I've just received an email asking me to "verify" my "personal
    > information" because "you or someone else had used your identity to make
    > false purchases on eBay...".
    >
    > Is this likely to be genuine, and genuinely from eBay, or is it a scam
    > from someone disguising themself as eBay to nick IDs and passwords?
    >
    > The link I've been asked to click takes me to:
    > http://68.213.208.2:5253/Sign In.html
    >

    The numerical IP address in this URL, rather than a hostname,
    rings alarm bells with me.
    The IP Address resolves to adsl-068-213-208-002.sip.bct.bellsouth.net
    From that, I'd say this is an ADSL connection in the USA, either a
    home machine or a small office.
     
  10. Frank X

    Frank X Guest

    "Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
    news:[email protected]
    > I've just received an email asking me to "verify" my "personal
    > information" because "you or someone else had used your identity to make
    > false purchases on eBay...".
    >
    > Is this likely to be genuine, and genuinely from eBay, or is it a scam
    > from someone disguising themself as eBay to nick IDs and passwords?
    >
    > The link I've been asked to click takes me to:
    > http://68.213.208.2:5253/Sign In.html
    >


    It's got to be fraudulent, however http://scgi.ebay.com looks genuine ebay
    so I don't know why it was taking you to the address you give above.

    I'd check your machine to see if you have a virus which is intercepting the
    link, try typing the same link on a different machine.
     
  11. Pete Biggs wrote:

    > I've just received an email asking me to "verify" my "personal
    > information" because "you or someone else had used your identity to make
    > false purchases on eBay...".
    >
    > Is this likely to be genuine, and genuinely from eBay, or is it a scam
    > from someone disguising themself as eBay to nick IDs and passwords?


    It's clearly a fake. There are many of these, often quite clever.

    > The link I've been asked to click takes me to:
    > http://68.213.208.2:5253/Sign In.html


    [email protected]:~$ dig -x 68.213.208.2

    ; <<>> DiG 9.2.3 <<>> -x 68.213.208.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20473
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;2.208.213.68.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    2.208.213.68.in-addr.arpa. 43200 IN PTR
    adsl-068-213-208-002.sip.bct.bellsouth.net.

    To those of you that don't read reverse DNS queries, this basically
    means that the sign-in page linked to on the mail is hosted by a
    BellSouth ADSL line. I'm guessing that's not how eBay works...

    Report it to [email protected], although the link no longer works.

    --
    Mark.
     
  12. Pete Biggs

    Pete Biggs Guest

    Clive George wrote:

    >> http://scgi.ebay.com/verify_id=ebay&user=[number]

    >
    > Is there more to that url in the original? (other than limewhatever)


    No, just a number, without any letters; not my user ID.

    > Look like bollocks to me anyway.


    Thank you very much indeed to everyone who's replied. I'll report it to
    eBay and will try and warn others of the scam. I neearly fell for it!
    That login page it brings up looks /so/ familiar that it'd be all too easy
    to type in ID and passwords without thinking about it.

    ~PB
     
  13. On Wed, 07 Jul 2004 11:29:45 +0100, Mark Tranchant wrote:

    > [email protected]:~$ dig -x 68.213.208.2


    Makes me wonder...

    is there a relationship between Linux/*nix and cycling?

    I've seen far more Linux command line outputs in the replies thain I
    would have expected, especially given the familiar statistics that report
    < 1% market penetration for Linux on the desktop...

    Eugenio
     
  14. On Wed, 7 Jul 2004 11:34:51 +0100, Pete Biggs
    <ppear{remove_fruit}@biggs.tc> wrote:


    > Thank you very much indeed to everyone who's replied. I'll report it to
    > eBay and will try and warn others of the scam. I neearly fell for it!
    > That login page it brings up looks /so/ familiar that it'd be all too
    > easy
    > to type in ID and passwords without thinking about it.


    There are similar one's for banks from time to time. I got one the other
    day from "Barclays" asking me to confirm my security details to continue
    to access my online account. I've never had an account at Barclays so I
    didn't take much time to decide it was a con.

    Colin
     
  15. Pete Biggs

    Pete Biggs Guest

  16. John Hearns

    John Hearns Guest

    On Wed, 07 Jul 2004 11:34:51 +0100, Pete Biggs wrote:

    > Clive George wrote:
    >
    >>> http://scgi.ebay.com/verify_id=ebay&user=[number]

    >>
    >> Is there more to that url in the original? (other than limewhatever)

    >
    > No, just a number, without any letters; not my user ID.
    >

    That number will be the IP address on Bellsouth.
    Can we have the number please?
    And the URL will act to redirect you there.
     
  17. Dr Curious

    Dr Curious Guest

    "Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
    news:[email protected]
    > John Hearns wrote:
    >
    > >> Clive George wrote:
    > >>>> http://scgi.ebay.com/verify_id=ebay&user=[number]
    > >>>
    > >>> Is there more to that url in the original? (other than limewhatever)
    > >>
    > >> No, just a number, without any letters; not my user ID.
    > >>

    > > That number will be the IP address on Bellsouth.
    > > Can we have the number please?

    >
    > http://scgi.ebay.com/verify_id=ebay&user=00626654
    >
    > ~PB
    >


    SCGI.COM is a domain name of NETWORK SOLUTIONS, INC.

    It looks as though someone's hacked into the Network Solutions
    site and installed a directory called "Ebay" on there.
    With all the necessary subdirectories



    Curious










    >
     
  18. Clive George

    Clive George Guest

    "Pete Biggs" <ppear{remove_fruit}@biggs.tc> wrote in message
    news:[email protected]
    > John Hearns wrote:
    >
    > >> Clive George wrote:
    > >>>> http://scgi.ebay.com/verify_id=ebay&user=[number]
    > >>>
    > >>> Is there more to that url in the original? (other than limewhatever)
    > >>
    > >> No, just a number, without any letters; not my user ID.
    > >>

    > > That number will be the IP address on Bellsouth.
    > > Can we have the number please?

    >
    > http://scgi.ebay.com/verify_id=ebay&user=00626654


    Now I'm confused. How does the redirection work withi this? (is it that
    scgi.ebay isn't working/isn't real?)

    (this question not aimed at Pete!)

    cheers,
    clive
     
  19. MSeries

    MSeries Guest

    Colin Blackburn wrote:
    > On Wed, 7 Jul 2004 11:34:51 +0100, Pete Biggs
    > <ppear{remove_fruit}@biggs.tc> wrote:
    > > Thank you very much indeed to everyone who's replied. I'll report it
    > > to eBay and will try and warn others of the scam. I neearly fell for
    > > it! That login page it brings up looks /so/ familiar that it'd be all
    > > too easy to type in ID and passwords without thinking about it.

    > There are similar one's for banks from time to time. I got one the other
    > day from "Barclays" asking me to confirm my security details to continue
    > to access my online account. I've never had an account at Barclays so I
    > didn't take much time to decide it was a con.
    > Colin




    Yup, I've had Barclays, Citibank and another bank with whom I have also
    never had an account. They harvested my email address from my website,
    the address is used for nothing else so even if it claimed to be from my
    own bank I'd know it was a scam.



    --
     
  20. Nick Kew

    Nick Kew Guest

    In article <[email protected]>,
    "Pete Biggs" <ppear{remove_fruit}@biggs.tc> writes:

    > The link I've been asked to click takes me to:


    If you (or anyone) visited that with a Micros**t so-called browser,
    your next port of call should be one of the many pages explaining
    what it may have left behind. For example,
    http://www.theregister.co.uk/2004/06/30/ie_malware_attack/

    In fact, even if you didn't visit a link that's known to be malicious,
    you should still read the above. Large numbers of IIS servers are
    passive vectors for it. And since IIS has about a 20% market share,
    the statistical chances of having visited some of them are high.

    --
    Nick Kew

    Nick's manifesto: http://www.htmlhelp.com/~nick/
     
Loading...
Similar Threads - Safeharbor Department Notice
  1. RedRider2009
    Replies:
    1
    Views:
    1,204
  2. Ralph Ray
    Replies:
    6
    Views:
    5,489
Loading...