I received the following from eBay’s crack service department this morning:

Dear eBay User,

During our regular update and verification of the accounts, we couldn’t verify your current information. Either your information has changed or it is incomplete. You are to update and verify your information by clicking on the link below.

If your account information is not updated within 5 days, your access to bid or buy on eBay will be restricted.

Please go to the link below and enter the information required:

http://www.ebay.com/accounts/member/avncenter/?[etc]

Now, since I receive about one of these scams a day, I knew there was something wrong with it, but it took me a while to figure it out. After all, the URL they were sending me to is obviously an eBay address. And it’s a plain-text message; Outlook converts lines that begin with “”http://” into clickable links.

But…

First, the header shows that it didn’t come from eBay. (If you’re using Outlook, you have to click on View->Options to see the header info. Oh yeah, real obvious.)

Second, it’s not really a text message. It’s html formatted to look like plain text.

Third, if you look at the source of the html, you see that the link doesn’t really go where it says. It goes to:

which gets translated by the browser into an IP address that is not eBay’s. “billing.ebay.com” is the “user name.” (The Opera browser caught this trick and asked me to confirm that I want to go there. And I’ve made some random changes in the address just in case.)

Finally, if I check my eBay account by going to ebay.com via my browser, I see there’s no problem with my account.

I’m sure this is an old trick (and I’m not sure I’ve figured it out accurately). It was just a new one on me.

Categories: Uncategorized dw