Re: [CR]Is this an ebay scam?

(Example: Framebuilding:Restoration)

Date: Fri, 21 Jan 2005 13:14:49 -0600
From: "John Thompson" <JohnThompson@new.rr.com>
Organization: The Crimson Permanent Assurance
To: kaufmann@crsa.bu.edu
Subject: Re: [CR]Is this an ebay scam?
References: <20050121181946.1DE354D50C@mail.patmedia.net>
In-Reply-To: <20050121181946.1DE354D50C@mail.patmedia.net>
cc: classicrendezvous@bikelist.org

Robert Kaufmann <kaufmann@crsa.bu.edu> wrote:
> I don't but much stuff over the internet--my only purchases
> are "Bike stuff" that I purchase from ebay. Today, I receioved an e-
> mail telling me that:
>
> "We regret to inform you that your eBay account could be suspended if
> you don't re-update your account information. To resolve this
> problems please
> http://ebay.com/<blah
> d
> 39abd6c44b
> 48d6fe3559112c21e54b7e705ecc5116b3c7c38c37949e8aa81848934faf0821be042
> 1
> 0e8c2ded3c 4159edbee3ee1439f3892a3e91/>click here and re-enter your
> account information. If your problems could not be resolved your
> account will be suspended for a period of 24 hours, after this period
> your account will be terminated."
>
> When I go to the above URL, it ask for all sorts of information,
> including my SSN. This seem dubious to me--but the return address on
> the e-mail is eBay@eBay.com
>
> My gut is to ignore this message--but I would hate to bid on
> something at the last minute only to find out that my account
> was "suspended"

This is a common scam or "phishing" (http://en.wikipedia.org/wiki/Phishing) attempt. If you look at the address of the site it directs you to (http://218.154.123.224/) you can see that it doesn't belong to eBay:

[john@starfleet ~]$ whois 218.154.123.224 [Querying whois.apnic.net] [whois.apnic.net] % [whois.apnic.net node-2] % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 218.144.0.0 - 218.159.255.255 netname: KORNET descr: KOREA TELECOM descr: Network Management Center country: KR admin-c: DL248-AP tech-c: GK40-AP remarks: *********************************************** remarks: KRNIC of NIDA is the National Internet Registry remarks: in Korea under APNIC. If you would like to remarks: find assignment information in detail remarks: please refer to the NIDA Whois DB remarks: http://whois.nida.or.kr/english/index.html remarks: *********************************************** mnt-by: MNT-KRNIC-AP mnt-lower: MNT-KRNIC-AP changed: hostmaster@apnic.net 20010924 status: ALLOCATED PORTABLE changed: hm-changed@apnic.net 20041007 source: APNIC

person: Dong-Joo Lee address: 128-9 Yeong-Dong Jongro-Ku Seoul address: Network Management Center country: KR phone: +82-2-766-1407 fax-no: +82-2-766-6008 e-mail: ip@ns.kornet.net nic-hdl: DL248-AP mnt-by: MAINT-NEW changed: hostmaster@nic.or.kr 20010425 source: APNIC

person: Gyung-Jun Kim address: KORNET address: 128-9, Yeong-Dong, Jongro-Ku address: SEOUL address: 110-763 country: KR phone: +82-2-747-9213 fax-no: +82-2-3673-5452 e-mail: ip@ns.kornet.net nic-hdl: GK40-AP mnt-by: MNT-KRNIC-AP changed: hostmaster@nic.or.kr 20010906 source: APNIC

I usually just forward these emails (including all the header lines) to "spoof@ebay.com" and let them deal with it.

-John Thompson (john@os2.dhs.org)
Appleton WI USA