Heads up everyone, eBay scam

[Spaceman Spiff]

I just got this weird email and did some research. Same thing happened to me as this guy here on this link.

I don't get much spam/scams so I figure this might be pretty large. Just wanted to give everyone a heads up.

http://www.horizonroad.com/blog/?p=63

[Leonard Washington]

a modern internet browser would have caught that one right?

that's one of the oldest tricks in the book.

[Spaceman Spiff]

a modern internet browser would have caught that one right?

that's one of the oldest tricks in the book.

Well the thing is that my mom used my laptop to look for a laptop of her own so it wasn't too far out of the question. Figured she might have gotten on my eBay username and placed a bid or something by mistake.

[Zguy28]

My brother in law almost got taken by an Ebay Motors scammer. Guy had done some hacking and pointed the Ebay search result page to his own mirror site which had nothing to do with Ebay and was taking folks for tens of thousands.

Last I heard the FBI was involved.

[Mark The Homer]

Yep, versions of this have been around for a while. It's called phishing.

Never enter your password into a site brought to you via a link unless the url includes "https" - and also the url should make sense to you (as opposed to a bunch of numbers or something).

[Mr. S]

also, safest way to log into your ebay account to check if there is really a question or "bad password" or whatever is to just go to ebay.com directly and sign in yourself. Anything they send is always going to be there in your my ebay page.

[laurent]

a modern internet browser would have caught that one right?

that's one of the oldest tricks in the book.

A modern browser won't catch it, since it's basically a social engineering attack that doesn't rely on software exploits. The only way to really catch attacks like this is to have a pretty comprehensive understanding on how the Internet works.

TCP/IP, DNS, SSL and SMTP are fundamental concepts you have to at least understand on the surface to not fall victim to those kind of attacks.

A good helping of common sense is vital too, but most people are just too gullible to question the authenticity of email messages like this.

[SkinsOrlando]

This is going on with citibank as well, I have received multiple emails reporting my citibank password was recently changed and to log in and double check this is correct. I contacted citibank immediately and sent them the email to thefraud dept. Like the other posters have said, go to the site yourslef, never use a link.

[Mark The Homer]

This is going on with citibank as well, I have received multiple emails reporting my citibank password was recently changed and to log in and double check this is correct. I contacted citibank immediately and sent them the email to thefraud dept. Like the other posters have said, go to the site yourslef, never use a link.

I've received that one too. Problem is, I don't have any citibank accounts. D'oh!

[SkinsOrlando]

I've received that one too. Problem is, I don't have any citibank accounts. D'oh!

Well thats kind of how I knew immediately it was a scam, I have citibank accounts but have never accessed them online.

[DeanCollins]

a modern internet browser would have caught that one right?

that's one of the oldest tricks in the book.

got one of those last year and was puzzled when firefox didn't fill in the username and password, it took a few seconds to figure it out. I've gotten dozens of bogus 2nd chance offers (I guess that means I loose a lot of auctions )

[Seabee1973]

If you get those links send teh original email to Spoof@ebay.com or if it is paypal just put paypal in front of .com

to find out if its real or not paste it into your browser if it is a scam it wont come on they only work when clicking the link directly