Joho the Blog » A scam I might have fallen for
EverydayChaos
Everyday Chaos
Too Big to Know
Too Big to Know
Cluetrain 10th Anniversary edition
Cluetrain 10th Anniversary
Everything Is Miscellaneous
Everything Is Miscellaneous
Small Pieces cover
Small Pieces Loosely Joined
Cluetrain cover
Cluetrain Manifesto
My face
Speaker info
Who am I? (Blog Disclosure Form) Copy this link as RSS address Atom Feed

A scam I might have fallen for

I received the following from eBay’s crack service department this morning:

Dear eBay User,

During our regular update and verification of the accounts, we couldn’t verify your current information. Either your information has changed or it is incomplete. You are to update and verify your information by clicking on the link below.

If your account information is not updated within 5 days, your access to bid or buy on eBay will be restricted.

Please go to the link below and enter the information required:

http://www.ebay.com/accounts/member/avncenter/?[etc]

Now, since I receive about one of these scams a day, I knew there was something wrong with it, but it took me a while to figure it out. After all, the URL they were sending me to is obviously an eBay address. And it’s a plain-text message; Outlook converts lines that begin with “”http://” into clickable links.

But…

First, the header shows that it didn’t come from eBay. (If you’re using Outlook, you have to click on View->Options to see the header info. Oh yeah, real obvious.)

Second, it’s not really a text message. It’s html formatted to look like plain text.

Third, if you look at the source of the html, you see that the link doesn’t really go where it says. It goes to:

http://billing.ebay.com^%40195.%3106.%3162.%310/%7E%6Ded%69%66%6F/i%6D%61ge%73/eBay/%42%69l%6Cing.%68%74m

which gets translated by the browser into an IP address that is not eBay’s. “billing.ebay.com” is the “user name.” (The Opera browser caught this trick and asked me to confirm that I want to go there. And I’ve made some random changes in the address just in case.)

Finally, if I check my eBay account by going to ebay.com via my browser, I see there’s no problem with my account.

I’m sure this is an old trick (and I’m not sure I’ve figured it out accurately). It was just a new one on me.

Previous: « || Next: »

7 Responses to “A scam I might have fallen for”

  1. That’s the same basic scam that the PayPal e-mail that’s been going around for several months uses. There was a Bank of America one before that. Even if you DO click on it, you’ll see it in the URL of the page you go to. No damage done by just going to that page–only by entering your data there.

  2. Willing Dupe

    Good news! Based on a quick read, it seems that David Weinberger has written a step by step outline of how to con him out of vital DigID information, such that you could then impersonate him and use his vast line of eBay credit and good will to round o…

  3. EBay Scam Recirculates – Beware

    Beware email resembling this – The URL *listed* below is quasi-legitimate in that it actually is an eBay site. HOWEVER, if you click on the URL, you would be redirected. This isn’t the first of these, nor will it be…

  4. EBay Scam Recirculates – Beware

    Beware email resembling this – The URL *listed* below is quasi-legitimate in that it actually is an eBay site. HOWEVER, if you click on the URL, you would be redirected. This isn’t the first of these, nor will it be…

  5. Yes, right after taking a course at the Tirebiter School of Sarcasm.

  6. Nice site!

  7. Don’t you think this can be a hit or miss? But, when it works, you can come away with real results.

    free ebooks with resale rights

Leave a Reply

Comments (RSS).  RSS icon