Ebay and PayPal (continued)

I just got an email from eBay asking me to click thru and verify some information.  It says that if I don't do this my account will be deactivated as of March 15th.

How do I know this is a legit email?

How do I know someone isn't phishing eBay?

How do I know the link doesn't take me to some site where I will be shot full of spyware?

I am not going to click on the link but I will go visit eBay and hopefully they'll hit me with the same message when I get there (if in fact it's legit).

This is a real problem and somebody needs to come up with a solution for it.

UPDATE: I went to eBay, checked out my account, looked at some auctions, etc and was never asked to verify my account.  I assume the email was phishing and I have deleted it.  This is nuts!

Comments

It's absolutely phishing. Rule of thumb: Never click on a link provided in an email from an alleged company. If you dug into the link and into the full header, you'd see that it's a fake.

Hover your cursor over the link - you'll usually see the real URL at the bottom of your browser window, and it won't be paypal.com

I agree with Jeff and not Chris. I have seen really sophisticated link construction going on that makes the javascript return a "real" URL when you hover over it, but actually intercepts your click and sends you to a sketchy scam site when you do.

I am techie, so I can view raw source on messages and pretty easily figure this stuff out and, in every case, it is phishing. If one does not know how to figure this type of thing out, then what I suggest is what I tell my mother: don't click on ANYTHING you get in email. Period. And buy a Mac.

Here's a detailed write-up of one of the more sophisticated phishing techniques I've come across in the past few months, if you don't mind me posting a link to my own site.

Companies seem to be putting the emphasis on the user taking responsibility. I think companies also need to take responsibility in the following ways:

I think companies need to be very clear exactly how they WILL and how they WILL NOT communicate with their customers. If I were responsible for writing email communications for a financial institution I would make it clear that any information contained in the email should be independently verified by the user by logging into the main website and would NOT provide any links in the email.

Despite being in Europe I've often received phishing emails for American banks. I've been disappointed to find that the banks on their homepages provide no quick and easy way to report these scam emails. Nor is there a link showing known scam emails.

James
Alternative Energy Blog

Schneier on Security
http://www.schneier.com/blog

The Identity Corner
http://www.idcorner.org

Identity Woman
http://www.identitywoman.net

Kim Cameron's Identity Weblog
http://www.identityblog.com

Presentations & Audio :: Digital ID World 2004 Conference
http://conference.digitalidworld.com/2004/attendees/downloads.php

I thought the same thing when I first saw the recent PayPal account fraud emails going around. I went to PayPal's website and didn't see anything.

So I took a closer look at the raw HTML in the email. Of course the link sent the user off to some random website. Without looking at the source that would have been hard to figure out.

The Internet as a whole needs to find an easy way to digitally sign messages. Yes PGP is out there but hardly anybody uses it, even though it isn't that complicated.

Fred's right. A smart, thorough someone DOES need to figure it out in the broadest applicable terms.

Until that day comes it's going to get more sophisticated, more "effective" and generally more pervasive.

How long before email is the killer app that died on the vine?

I would suggest getting SpamBayes or some other email spam filter - they are great at getting rid of these kinds of emails.

As Scott mentioned in the earlier comment, checking the headers is the most reliable way to determine if it is SPAM or not, and most of the SPAM filters, like SpamBayes, are quick to sort them to the junk folder... oh, did I mention SpamBayes is free?

Stanford's CS department is working on a project to deal with this (I think). Check out their work on something called SpoofGuard.

Agreed that companies need to warn/protect their customers better.

I got such an e-mail "from eBay" a couple of weeks ago. After hunting all over eBay, I figured out that the best thing to do was to forward the suspect e-mail to spoof@ebay.com. I got a reply saying it was a fake and, of course, deleted it.

Next time you get such an e-mail, send it to spoof@ebay.com, so they can presumably track and prosecute the phishers.

Scary, though. I know that my mother, for instance, would have conscientiously responded immediately to the phishers.

Yet another reason why I'd love to use gmail as my e-mail client for everything... Gmail automatically picks up on phishing e-mails. When those paypal "verify your account" e-mails came through, I got a big red warning from Gmail that the e-mail may not have come from where I thought it came from and also gave me a link to read about phishing.

Firefox update helps prevent Web site spoofing.
http://www.macworld.com/news/2005/02/25/firefox/index.php

Hope this helps

I just got ANOTHER e-mail from a would-be eBay phisher.

Forwarded it to spoof@ebay.com and got this reply back within minutes, which is impressive:

Hello,

If you received an email message stating your account was suspended, it
is most likely a fake ("spoof") email. We advise you to be very cautious
of email messages that ask you to submit information such as your credit
card number or your email password. eBay will never ask you for
sensitive personal information such as passwords, bank account or credit
card numbers, Personal Identification Numbers (PINs), or Social Security
Numbers in an email.

I have reviewed your account and do not see any active suspensions on
your account. I can assure you that your account is not suspended or on
hold. If you are experiencing problems signing in, we may be able to
provide additional assistance to pinpoint the problem. In most cases,
you can request a new password for your account to regain access to it.
In addition, you can contact us by clicking on the help link at the top
of all eBay pages and selecting the "contact us" link.

If you are not writing from the email address of the eBay account in
question, please provide us with the User ID of that account to help us
resolve your sign-in issues.

Since you have received a spoofed email, your email address has most
likely been collected by a fraudulent source. As a result, you may
continue to receive spoofed emails for some time, as these groups move
from Website to Website setting up fraudulent email addresses, fake eBay
Web pages, and sending fraudulent emails.

We are committed to the security of the eBay site and our members. We
review every report we receive, and forward all vital information to the
appropriate authorities for further action and tracking. We work
actively and aggressively in partnership with many agencies, Internet
Service Providers and law enforcement groups to support their
investigation of these fraudulent entities. As a public company, we rely
on the same agencies you do to pursue these fraudulent activities.

If you have any doubt about whether an email message is from eBay,
please forward it immediately to spoof@ebay.com. Make sure that you do
not respond to it or click on any of the links in the email message.
Also, please do not change the subject line or edit the email in any way
when you forward it to eBay. This will help us track the source of the
message.

If you have already entered sensitive information as mentioned above,
you should take immediate action to protect your identity and online
accounts. We have developed an eBay help page with valuable information
regarding the steps you should take to protect yourself.

http://pages.ebay.com/help/confidence/isgw-account-theft-reporting.html

In addition, we have enacted several preventative measures and added
information to the eBay help pages to help you spot fake emails. We would
also encourage you to take the opportunity now to learn more about spoof
emails. To access our Security Center, please see the following Web
page:

http://pages.ebay.com/securitycenter/index.html

Lastly, I recommend you download and install the eBay Toolbar. The eBay
Toolbar includes the Account Guard feature which will help to alert you
when you are visiting potentially fraudulent websites. For more
information, and to download the eBay Toolbar, please visit the
following link:

http://pages.ebay.com/help/confidence/account-guard.html

Once again, thank you for alerting us to the spoofed email you received.
Your efforts help us ensure that eBay remains a safe and vibrant online
marketplace.


Regards,

Ande
eBay SafeHarbor
Investigations Team
______________________________

It's sad, and the web world equivalent of "don't talk to strangers"...I'm just concerned that most people, like my sister or my mom don't know enough about this kind of a threat, and are the most vulnerable to them.

It's almost as if we need to be running Public Service Announcements in the traditional mass media, alongside of "Don't drink and Drive", "Fasten your seatbelts", and "Just Say No".

Fred, this is the first post of yours I've ever read and been disappointed by.

Yes, I agree this is a bad issue in general, and that something needs to be done about it.

That said, the solution to this at the right price point and trust level is almost certainly a minor "killer app" in the making.

For the larger companies, imagine a website that could integrate with your emailer and verify these emails - is there a business model here ?

As for myself, I believe it was you that turned me on to Cloudmark (SpamNet) - I never see these silly things thanks to them, and I have yet to see them mess up. So there's at least a workable solution for the moment.

But I am shocked, shocked I tell you, to see you jump over the opportunity and (seem to) head for a regulatory swamp - Can-Spam has shown exactly what that's worth :-)

MMM

Hey Mark - there is a killer solution at "the right price point". http://www.inboxgenius.com $1 per month per user. Service starts at $9.95/month for 10 users. DISCLAIMER - this is my product. ;-)

The reality is that simple (and yes, I mean simple) scams like the eBay scam are easy for us to block. They can change up their emails as much as they want, and we still block them.

Sorry Fred, even after updating Movable Type like Anil suggested the last time I trackbacked you, it's still pinging you every time I update the post.

Has anyone had PayPal steal money from their account?

Notification of Limited Account Access - Security Measures ?


Can anyone explain e-mails with the subject of:
"Notification of Limited Account Access - Security Measures "

and links going to:

http://www.paypal.com.wscm.tk/us/webscr/Loginx.php

http://www.paypal.com.cgi-bin.wsst.tk/us/webscr/Loginx.php


Is this what this blog is talking about in regards to spoof e-mails ?



Are these PayPal Spoof web sites ?


Bogus emails with the subject:
"Notification of Limited Account Access Final Notice"


http://www.paypal.com.tmsn.tk/us/webscr/Loginx.php


http://www.paypal.com.tmsk.tk/us/_auth/webscr-cmd-_login-run.htm
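The two checks the earlier comments describe by hand (reading the raw HTML to see where a link really goes, and noticing that "paypal.com" is only a subdomain of another domain in links like the ones in this comment) can be automated. The script below is an added example, not code from the blog or its commenters; the email body it scans is constructed, and the "registrable domain" helper is a deliberate simplification that takes the last two labels of a hostname.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a phishing email body (not a real message): the first
# link displays a PayPal URL but points at a .tk host that merely contains
# "paypal.com" as a subdomain; the second link is genuine.
SAMPLE_EMAIL_HTML = """
<p>Dear member, please visit <a href="http://www.paypal.com.wscm.tk/us/webscr/Loginx.php">
https://www.paypal.com/us/cgi-bin/webscr</a> to restore access.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">PayPal Help</a>.</p>
"""

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def registrable_domain(host):
    """Last two labels of a hostname: 'www.paypal.com.wscm.tk' -> 'wscm.tk'.
    Simplified on purpose; real code needs the public suffix list (co.uk etc.)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_links(html, expected_domain):
    """Return (href, reason) pairs for links that deserve suspicion."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        host = (urlsplit(href).hostname or "").lower()
        if registrable_domain(host) != expected_domain:
            # brand name present only as a label inside someone else's domain
            if "." + expected_domain + "." in "." + host + ".":
                findings.append((href, "brand used as a subdomain of " + registrable_domain(host)))
            else:
                findings.append((href, "host %s is not %s" % (host, expected_domain)))
        shown = re.search(r"https?://([^/\s]+)", text)  # URL the reader sees
        if shown and shown.group(1).lower() != host:
            findings.append((href, "visible text shows %s but link goes to %s" % (shown.group(1), host)))
    return findings
```

Hovering only reveals what the HTML says at that moment; a script-driven click handler can still send the reader elsewhere, which is why the comment about intercepted clicks still applies.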

