posted on September 15, 2006 11:22:22 AM new
I usually check my email first thing in the morning. Had not logged into eBay yet and was still half groggy while reading email. The buyer's ID looked familiar so I almost clicked on the link. I could have easily fell for this if I was in the habit of responding to ASQ's from my personal mailbox.
This "Ask Seller Question" looks amazingly authentic. My seller name, auction number and description are correct on the headings. The only thing that looks amiss is the question. I use flat rate shipping. After close inspection, I also see that my registered name is not included in the header where it should be.
Every one of the click-able links takes me to an eBay sign-in page. Only, it is not a real eBay page.
If I used GetIp.com's tool correctly, this email originated right here in the good ole USA.
City: Littleton
StateProv: CO
PostalCode: 80124
Return-Path: <[email protected]>
X-Spam-Checker-Version: Knology SpamFryer (2005-09-13) on
spamlite8.mailservers
X-Spam-Status: -2.6 hits, 5.0 required
Delivered-To: [email protected]
Received: (qmail 3051 invoked by uid 0); 15 Sep 2006 14:59:57 -0000
Received: from unknown (HELO smtp05.ebey.com) (66.194.127.135)
by spamlite8.knology.net with SMTP; 15 Sep 2006 14:59:57 -0000
Received: from smtp05.ebey.com (smtp05.ebey.com [127.0.0.1]) by
smtp05.ebey.com (8.13.4/8.13.4) with ESMTP id 4984355796 for
<[email protected]>; Fri, 15 Sep 2006 10:59:55 -0400
Date: Fri, 15 Sep 2006 10:59:55 -0400
Message-ID: <[email protected]>
To: [email protected]
Subject: Question for item #3200271xxxxx - MY item Title here
From: "eBay Member: jsmith6284" <[email protected]>
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
X-Antivirus: avast! (VPS 0637-2, 09/15/2006), Inbound message
X-Antivirus-Status: Clean
Unfortunately , even that is misleading. I'm willing to bet that this buyer has had their personal email account hijacked and the hacker is sending these emails from a stolen account.
The buyer opened an account on eBay in March and has since been NRU'd.
I am going to check my shipping records. I think I recently shipped a package to Littleton and wonder if the hacker could have retrieved an email from the stolen account and "doctored" it with his own links.
[ edited by LtRay on Sep 15, 2006 11:48 AM ]
posted on September 15, 2006 11:54:55 AM new
Nice catch on the email Fluffy! Thanks!
Yes, I noticed the "ebey". Seems most of the fake ASQ's have that in the address.
Interesting thing about ebey.com is that they are right here in the US
OrgName: Jupiter Hosting Corporation
OrgID: JHC-13
Address: 2784 Homestead Road #360
City: Santa Clara
StateProv: CA
PostalCode: 95051-5353
Country: US
Another totally useless bit of trivia, the origination of the fake login page is in Australia
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
And I thought those Auzzies were a pretty good bunch of blokes <g> Just kidding, I'm doubt the jerk is Australian
