I received the above e-mail message purportedly from firstname.lastname@example.org entitled “Ebay Fraud Verification Process.” It is deliciously ironic that an e-mail message with this title is itself a fraudulent e-mail message. In the trade, this type of message is known as a ‘spoof’ or ‘phish’ e-mail, since it trolls the internet looking for people gullible enough to convey their personal data to perfect strangers. To learn how to counter such behavior, visit eBay.com’s Security Center and learn how to identify fraudulent correspondence.
My message began:
Dear eBay user,
As part of our continuing commitment to protect your account and to reduce the instance of fraud on our website, we are undertaking a period review of our member accounts.
You are requested to visit our site by following the link given below
Please fill in the required information.
This is required for us to continue to offer you a safe and risk free environment to run your auctions, and maintain the eBay Experience.
The internet header for this fraudulent e-mail is:
Received: from server1006.imagelinkusa.net ([220.127.116.11])
by rwcrmxc12.comcast.net (rwcrmxc12) with ESMTP
id <20031223132948r12001lljie>; Tue, 23 Dec 2003 13:29:48 +0000
Received: from nobody by server1006.imagelinkusa.net with local (Exim 4.24)
for email@example.com; Tue, 23 Dec 2003 08:29:47 -0500
Subject: Ebay Fraud Verification Process
Content-type: text/html; charset=iso-8859-1
Date: Tue, 23 Dec 2003 08:29:47 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – server1006.imagelinkusa.net
X-AntiAbuse: Original Domain – attbi.com
X-AntiAbuse: Originator/Caller UID/GID – [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain – server1006.imagelinkusa.net
Reviewing this closely, you’ll find that the mail server that originated this message was imagelinkusa.net and not ebay.com, as the message’s From box read. It appears that this site was innocently hijacked by spammers who used the company’s mail server to distribute their garbage.
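The same header review can be done programmatically. The following is an added example, not part of the original post: it parses the headers shown above and compares the host that handed the message to the recipient's mail server against the domain claimed in From. The From line in the sample is constructed (the page only says the From box read ebay.com), and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers from the page, refolded with tabs. The From line is constructed:
# the page only says the From box read ebay.com.
RAW = """\
Received: from server1006.imagelinkusa.net ([220.127.116.11])
\tby rwcrmxc12.comcast.net (rwcrmxc12) with ESMTP
\tid <20031223132948r12001lljie>; Tue, 23 Dec 2003 13:29:48 +0000
Received: from nobody by server1006.imagelinkusa.net with local (Exim 4.24)
\tfor email@example.com; Tue, 23 Dec 2003 08:29:47 -0500
From: placeholder@ebay.com
Subject: Ebay Fraud Verification Process
X-AntiAbuse: Primary Hostname - server1006.imagelinkusa.net
X-AntiAbuse: Sender Address Domain - server1006.imagelinkusa.net

"""

def org_domain(host):
    # Last two labels only; ignores multi-label suffixes such as co.uk.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def relay_hops(msg):
    # (sending host, receiving host) per Received header, newest first.
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        src = re.search(r"\bfrom (\S+)", flat)
        dst = re.search(r"\bby (\S+)", flat)
        hops.append((src and src.group(1), dst and dst.group(1)))
    return hops

def check_origin(raw):
    msg = message_from_string(raw)
    claimed = org_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    hops = relay_hops(msg)
    # Only the top Received line was written by the recipient's own server;
    # every header below it arrives with the message and can be forged.
    handoff = org_domain(hops[0][0])
    hints = set()
    for value in msg.get_all("X-AntiAbuse", []):
        m = re.search(r"(?:Hostname|Sender Address Domain) [-\u2013] (\S+)", value)
        if m:
            hints.add(org_domain(m.group(1)))
    return {"claimed": claimed, "handoff": handoff, "hops": hops,
            "hints": sorted(hints), "mismatch": claimed != handoff}

if __name__ == "__main__":
    print(check_origin(RAW))
```

A mismatch on its own is a signal rather than proof, since legitimate senders also use third-party mail servers; here it agrees with the X-AntiAbuse lines and the request for banking data.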
If you were so credulous as to actually visit the supposed eBay.com survey page, you would’ve found a form which requested not only credit card information (as the fraudulent e-mail stated), but also banking data and other highly confidential and personal information. I’m sorry to say that I actually began filling out the form, but when I got to the part which requested my bank information I said to myself: “Now, wait a second…I only use my credit card at eBay.com. Why would they want my bank information?” That’s when I stopped filling the form out and e-mailed eBay.com’s real customer support department, which informed me that this e-mail is indeed a scam. eBay.com never requests customer information through this type of e-mail and you should never take the bait offered by these scammers. I’ve read this advice countless times myself on the web, but this fraudulent e-mail was such a clever counterfeit of a real eBay e-mail and the survey site looked so much like a typical eBay page that I was fooled.
eBay’s customer service rep responded to my message:
These emails are the result of a fraudulent entity who primarily targets members who are using their email address as their eBay User ID or have exposed their email address.
The message linked to the Security Center site, which provides great tips on how to verify the authenticity of e-mail messages from eBay.com.