REPORT SUMMARY
Date Reported
31st December 2003
Apparent Sender
eBay
Subject
Your eBay account could be suspended
Senders Address
(spoofed)
suspend
@ebay.com
Content
text and a
file attachment
wich opens a
fake
eBay
web page
(see images)
Spoofed Web page/site?
Yes
Web page/site
content
forged eBay web
sign in page
Web page/site origin
URL
none shown
Identity Theft method
form data is sent
on to scammers
via a web
form
processing service
and into an mol.com
email address
More...
Latest
phishing
scam
Another
Bank Email Scam
See our guide to
phishing scams
Other
Resources...
See our guides to
Free Utilities...
List of
Auction Sites
Your eBay account could be suspended -
Email Scam
31st December 2003
An email with an attachment claims that you will
be suspended - but its a scam ...
This spoof email (as eBay and Paypal like to call these email scams) takes the form of a text email with a file attachment (see images below).
We were concerned about the presence of a virus to start with, but found that the attachment was actually a forged eBay sign in page (which opens in your browser).
The email text urges you to use the file attachment to sign in and therefore resolve some apparent 'problems' with your eBay account. This is of-course, a complete fabrication, and opening the file attachment will open the said fake sign in page.
The sign in page is constructed using eBay's own code and graphics, so looks very convincing, but it is further coded to send any data entered to the scammers via a form-mail processing service provided by Canadian firm Netfirms (sslpowered.com). We also found that the data was sent on to an email address at Mol Online in Kuala Lumpur, Malaysia (rupemeuropa@mol.com).
Stay informed of the latest Spoof Email Phishing Scams with either of our FREE alert services...
Email
Alerts
Add your email address to our email alert service...
Subscribe
Privacy Policy
RSS
News Feed
Tap into our Scam Alert service using your News Reader or Aggregator (including
My Yahoo!).
Scam Alert News Feed
You can even put the latest alerts on your own web site.
FORWARD
YOUR EMAIL SCAMS
TO KU.OC.SELIMSRELLIM@FOOPS
and help us to
build awareness and
help others
It
is clear that once the username is in the possession of the fraudsters,
they would hijack that account. Hijacked accounts have frequently
been used to list high value consumer goods (including Digital Cameras
and Televisions) and bidders payments have been taken but no goods sent.
If you have received this hoax email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content or the same but with the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is also common place to receive more and usually a day or two after the first, although not necessarily from the same apparent sender.
Take a good look at the following images, because this hoax email scam may be coming to an inbox near you!
The Email ...
The fake Sign In page seen when opening the attachment ...
