You might also contact the U.S. Secret Service, as this type of crime is covered by this mission statement. (See http://www.secretservice.gov/mission.shtml). -Chris ----- Original Message ----- From: <jlewisat_private> To: "Logan F.D. Greenlee" <lgreenleeat_private> Cc: <incidentsat_private> Sent: Sunday, December 08, 2002 11:45 PM Subject: Re: EBay Fraud Attempt > This is definitely an attempt to socially engineer your credit card info, > bank account info, and enough personal information to commit identity > theft against anyone dumb enough to fill out the form (and I'm sure there > are many suckers out there). You should immediately forward a copy to at > least the following: > > privacyat_private (don't know if this is the best contact, but it's all I > found in a quick look at their site). This is the sort of thing Ebay will > sick their lawyers on for use of the ebay name. > > nocat_private (they're the tech contact for the IP block > www.ebayupdates.com resolves to) > > domain.tech@YAHOO-INC.COM (they're the tech contact for the domain > ebayupdates.com, which seems to be registered to some creep in Niceville, > FL (which sounds fake, but actually exists)). > > It wouldn't hurt to try to notify the FBI and local Niceville police...but > how much time to you want to spend on this? Odds are, you'll have to > place several calls and talk to multiple people before you find an > agent/officer who understands what a website is and why this one is bad. > If Ebay's security people return your message/call, maybe you can just ask > tem if they'll push the right buttons to get the FBI to pickup the person > responsible for the site. They're likely going to be more familiar with > what it takes to get some action. > > On Sat, 7 Dec 2002, Logan F.D. Greenlee wrote: > > > To the moderator: > > This is my first post, and I'm not sure that this is right list > > to be sending this to. If it isn't could you please tell me where I > > should send it? > > > > Hello All, > > About 24 Hours ago I received an e-mail from "EBay Billing" with > > the subject of "EBay Billing Error". However, I have not conducted any > > transactions in months, so I became suspicious. The text of the e-mail > > is below as well as the routing path, which would indicate that it was > > not in fact sent by eBay. Further, a visit to the site that is refrenced > > in the email leads to a page that is javascript encoded. Right click is > > disabled to prevent saving of the page. An inspection of the source > > would also indicate that the creators of the page do not want users to > > see where their information is going. I've looked around eBay and found > > no other pages that were constructed in a similar manner. Finally, I > > checked the WHOIS database entry for "ebayupdates.com" and found that > > the registrants were not eBay corporate but someone in Florida. Is it > > possible that this is a farily large scale attempt at gathering eBay > > users account and/or credit card information. > > > > Logan > > > > > > **** Message Header ***** > > Microsoft Mail Internet Headers Version 2.0 > > Received: from 195.73.193.7 ([24.232.235.26]) by ciretose.net with > > Microsoft SMTPSVC(5.0.2195.5329); > > Fri, 6 Dec 2002 19:03:46 -0500 > > Received: from unknown (HELO f64.law4.hotmail.com) (13.61.40.178) by > > ssymail.ssy.co.kr with smtp; Dec, 06 2002 3:57:55 PM -0100 > > Received: from sparc.isl.net ([45.55.85.241]) by > > anther.webhostingtalk.com with NNFMP; Dec, 06 2002 2:52:05 PM -0300 > > Received: from [177.34.196.8] by f64.law4.hotmail.com with NNFMP; Dec, > > 06 2002 1:46:01 PM +1100 > > From: Ebay Billing <Billingat_private> > > To: loganat_private > > Cc: > > Subject: Ebay Billing Error > > Sender: Ebay Billing <Billingat_private> > > Mime-Version: 1.0 > > Content-Type: text/html; charset="iso-8859-1" > > Date: Fri, 6 Dec 2002 16:02:56 -0800 > > X-Mailer: eGroups Message Poster > > Return-Path: Billingat_private > > Message-ID: <DCxgX3kT8fP682w9hWb00000009at_private> > > X-OriginalArrivalTime: 07 Dec 2002 00:03:49.0430 (UTC) > > FILETIME=[1E97BD60:01C29D84] > > **** End Message Header ***** > > > > **** Message Contents ***** > > Dear Ebay Member, > > We at Ebay are sorry to inform you that we are having problems with the > > billing information of your account. We would appreciate it if you would > > visit our website [Ebay Billing Center] <http://www.ebayupdates.com> and > > fill out the proper information that we are needing to keep you as an > > Ebay member. > > If you think you have received this email as an error, please visit our > > website and fill out the neccesary information. That way we can make > > sure that everything is up to date! Again here is the link to > > our website. Ebay Billing Center <http://www.ebayupdates.com> > > Joe Watson > > Ebay Billing Center > > Rep ID. 32A > > Thank you for your business. > > The Ebay Staff. > > ************************************************************************ > > ******** ********************************* > > Do not reply to this e-mail, for assistance contact the customer service > > team. > > ************************************************************************ > > ******** ********************************* > > ***** Message Contents ****** > > > > > > > > > > -------------------------------------------------------------------------- -- > > This list is provided by the SecurityFocus ARIS analyzer service. > > For more information on this free incident handling, management > > and tracking system please see: http://aris.securityfocus.com > > > > ---------------------------------------------------------------------- > Jon Lewis *jlewisat_private*| I route > System Administrator | therefore you are > Atlantic Net | > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ > > > -------------------------------------------------------------------------- -- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 09:45:02 PST