A New eBay Phishing Scam?

Bruce-in-MA May 3, 2006

  1. Bruce-in-MA

    Bruce-in-MA TrainBoard Member

    Beware. This is one I have not seen before.

    Yesterday afternoon I brought up the eBay N-scale listings page and saw an unusual featured item at the top of the list that was clearly out of place. It was one of those shady porn-type auction links, and it was titled something along the lines of “Looking for a husband” (complete with a steamy picture).

    Wondering how it got linked in the N-scale listings, I clicked on the auction to see who the seller was and get an auction number to report it. I was immediately routed to an eBay sign in page. Strange. I looked at the web address of the page and it was clearly not eBay. I was stunned. It was all a very elaborate attempt to ‘phish’ my eBay ID.

    What was most disturbing about this was that it was done through an auction ON EBAY! I always get eBay phishing attempts through email – but never directly off an auction on eBay.

    Predictably this auction disappeared. Has anyone ever seen this happen before? It amazed me that someone could do this right on eBay. I’d say this exposes a rather significant gap in security on their site.
     
  2. rschaffter

    rschaffter TrainBoard Member

    Bruce,

    I would download Spybot or AdAware and scan your computer - it's possible that the problem might not be with eBay, but with your machine.


    Can't be too careful these days.
     
  3. Bruce-in-MA

    Bruce-in-MA TrainBoard Member

    I can tell you with certainty that spyware is not involved. My machine is protected by several layers of active corporate and local software applications (including Spybot and AdAware). This is something that occurred on Ebay.
     
  4. FriscoCharlie

    FriscoCharlie Staff Member TrainBoard Supporter

    I see what you are saying Bruce. I am sure eBay will take steps to prevent that in the future and very quickly.

    Charlie
     
  5. engineshop

    engineshop Resigned From Forum

    I have seen it for months now and it always disappears within a day. I don't understand why eBay cannot protect itself from this guy.
     
  6. Pete Nolan

    Pete Nolan TrainBoard Supporter

    I think eBay's volume of auctions presents a problem for policing.

    There were dozens of auctions for Nikon D2X's, a $4500 item, for $150-$1000--just email the seller--don't bid, oh, and wire the seller cash. It often took a day or two before these auctions were deleted.
     
  7. Route 66

    Route 66 TrainBoard Member

    Tuned in for a better look

    I was already logged in checking my eBay and I also caught that long legged tail shot. Unlike you though I wasn't looking to report it, I just wanted a larger picture to view so I clicked on it! It took me to the sign in page also and I found that sort of strange so I skipped the peep show. Well I didn't get taken so blame it on sheer stupid luck but as they say "Curiosity killed the cat"
     
  8. randgust

    randgust TrainBoard Member

    Saw the same thing myself a couple weeks ago. In this case a huge set of 3000-gallon tanks hanging out of the yard limits, if you get my drift. In the N SCALE category, no less. Clicked on it, got the imitation signin.... WHOA NELLIE! I'm already signed in.

    I didn't think this was possible. You could click on the listing, or click on the picture, and you got the same login screen. It was embedded inside eBay itself.

    It was gone about 30 minutes later - they had pulled it. So I think they must scan for this stuff, but apparently they can't stop it from being loaded.

    Also got a different one this week - a message from an Ebay member - "I think you have a problem - this same item is listed twice under two different number - you might want to contact Ebay...." and there's a URL link underneath of it with a numeric IP. Well, I wasn't born yesterday so I turned that into Spoof. Interestingly enough, it was INSIDE my ebay messages, not an external email. About 10 minutes later I received a warning from Ebay NOT TO REPLY to messages from that userid. Apparently somebody had scammed the login through phishing, used it to send a message, was using that to scam more logins, and Ebay was hot on their tail.

    Man, it's a jungle out there.
     
  9. 110agpumpkin

    110agpumpkin E-Mail Bounces

    Overly disturbing news here

    Yikes - I wonder if eBay takes the liability if someone clicks on these links? As a general rule - when in doubt - never sign in unless you type the web address yourself. All messages and communication are posted on the 'my ebay' page once you log in. This is very disturbing - if they are hitting N scale trains - it's gotta be everywhere. Be careful - out - Mark in Cleveland.
     
  10. BoxcabE50

    BoxcabE50 HOn30 & N Scales Staff Member TrainBoard Supporter

    You've got that right!

    They do watch for these things, but as Pete noted, the volume of sales offerings makes it impossible to catch everything.

    :sad:

    Boxcab E50
     
  11. r_i_straw

    r_i_straw Mostly N Scale Staff Member

    I got an email "Question from eBay Member" saying "Question from sydatkinson"
    "I'm still waiting the package to arrive What happened? Please mail me ASAP or I will report you to ebay."
    There was a box that said, "Respond to this question in My Messages."
    When clicked it took me to a "sign in" page that looked like eBay. I was starting to type in my ebay name when I said "whoa nelly" and went instead to my favorite place ebay log in and logged in there. No messages, no activity for me for three months.
     
  12. Flash Blackman

    Flash Blackman TrainBoard Member

    PayPal, Too

    I "received" a similar message from PayPal. "Pay now or we will close your account. Click here to sign in." All phony.
     
  13. Thirdrail

    Thirdrail In Memoriam

    I get several threats a week about cancelling or suspending my PayPal account, some of which I send to PayPal's spoof address, as I do not have and never have had a PayPal account!! Others are caught by my spamblocker and I just delete those. I also seem to have accounts at credit unions and banks all over the country. Funny, when you look at "properties", you find the message comes from an address with ".ru" on the end more times than not. :angry:
     
  14. randgust

    randgust TrainBoard Member

    The BEST one I've found so far was an e-bay phishing scheme off of an educational computer at a major medical university (.edu) .

    Just for fun I called the college, asked for the IT department, asked for systems security (they had somebody in charge), and reported the full URL. He checked it, and almost dropped the phone. Thanked me PROFUSELY for calling them directly, and in 15 minutes, that URL was locked down.

    A lot of stuff can happen on semi-public servers without the immediate knowledge of the system admin. If you find stuff, and can find a contact, don't be afraid to personally report stuff.
     
  15. Pete Nolan

    Pete Nolan TrainBoard Supporter

    As smart as phishers and spammers have become, and they get smarter every day, it's mostly a matter of common sense on the user's part. Don't click on links in emails--either type in the address or use a "favorite" on your computer. Recognize that anyone can clone just about any website.
     
  16. FriscoCharlie

    FriscoCharlie Staff Member TrainBoard Supporter

    New one today that I have got about 50 of: You have sucessfully added a new e-mail address to your PayPal account.

    I know that all of these are junk but I view these as plain text and not HTML as I first read mail on the server before downloading it thereby killing all spam and viruses before downloading mail.

    In plain text you can see that the URL's that are supposed to go to eBay and PayPal are not really going there at all.

    They are trying every conceivable method possible to try and get you to "sign in" at various sites from eBay and PayPal to a host of banks and other web sites where they can steal money.

    Bookmark all financial sites and never click anything to go to those places from an e-mail.

    Charlie
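    The plain-text trick Charlie describes (and the bare-IP link randgust saw inside his eBay messages) boils down to one check: does the host a link really points to belong to the brand the link claims? The script below is an added example, not code from this forum or from eBay or PayPal. It parses the anchors out of an HTML message and flags any that mention a brand but resolve to a host outside that brand's domain, or that use a bare IP address. The brand-to-domain allow-list, the `.example` hostnames and the sample message are constructed for the illustration.

```python
"""Flag e-mail links whose claimed brand does not match the host they point to.
Added example; the allow-list and the sample message below are constructed."""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: these are the only registrable domains each brand legitimately uses.
BRAND_DOMAINS = {
    "ebay": ("ebay.com",),
    "paypal": ("paypal.com",),
}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_under(host, domain):
    """True only if host is the domain itself or a subdomain of it.
    'ebay.com.evil.example' and 'secure-ebay.com' both fail this test."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_raw_ip(host):
    """True when the URL host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def brands_mentioned(*strings):
    """Brand names that appear in the link text or anywhere in the URL itself."""
    joined = " ".join(strings).lower()
    return sorted(b for b in BRAND_DOMAINS if b in joined)


def suspicious_links(html_body):
    """One finding per link that invokes a brand but does not resolve to that
    brand's domain, or whose host is a bare IP address."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if is_raw_ip(host):
            reasons.append("host is a bare IP address")
        for brand in brands_mentioned(text, href):
            if not any(host_under(host, d) for d in BRAND_DOMAINS[brand]):
                reasons.append(f"mentions {brand} but host is {host!r}")
        if reasons:
            findings.append({"href": href, "text": text, "host": host, "reasons": reasons})
    return findings


# Constructed sample: an HTML message of the kind described in this thread.
SAMPLE_MESSAGE = """
<p>Question from eBay Member</p>
<p>I'm still waiting the package to arrive. What happened?</p>
<p><a href="http://www.ebay.com.signin-update.example/signin">Respond to this question in My Messages.</a></p>
<p><a href="http://192.0.2.10/paypal/webscr">Pay now or we will close your account.</a></p>
<p><a href="https://signin.ebay.com/">signin.ebay.com</a></p>
<p><a href="http://secure-paypal.example/login">Sign in to PayPal</a></p>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_MESSAGE):
        print(finding["href"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

    Three of the four sample links are flagged; only the link whose host is actually under ebay.com passes. The suffix test in `host_under` is deliberately strict: a host that merely starts with or contains the brand name is treated as foreign, which is exactly the trap the plain-text view exposes.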
     
  17. Thirdrail

    Thirdrail In Memoriam

    Well, there was one of those full frontal nudity items in the N scale featured items about 10 PM EDT tonight with some fractured French description. :eek:mg: Sure enough, when I got to the bottom of the page I decided to "refresh" and it had disappeared, so evidently eBay is getting rid of them quicker. What is the poster's reasoning? :confused7xq:
     
  18. J Long

    J Long E-Mail Bounces

    I'm the guy who bid 50 cents on her.
     
  19. Bruce-in-MA

    Bruce-in-MA TrainBoard Member

    The poster wants you to click on the auction for details, which sends you to a fake eBay sign-in page. If you're not on to the scam, you just think eBay wants you to sign in to see the auction details. If you do, they (the poster) have harvested your eBay ID and password.

    Pretty slick being able to do this right off of an eBay auction. I consider this a SERIOUS breach in security of their site. It’s a whole different ballgame than getting bogus email notifications. Don’t get me wrong, I really like eBay, but this is something that absolutely must get stopped or it could do some serious damage to them (in terms of trust).
     
    Last edited by a moderator: May 9, 2006
  20. randgust

    randgust TrainBoard Member

    Don't forget that one of the REAL harvests here is that people have a nasty tendency to use the same login name and password for a multitude of sites.

    Ask yourself - if a person harvests your ebay login and password - what else do they have access to? PayPal? Banking? That's the real payoff.... not just the Ebay account. Ebay can lock an account down pretty quickly, but by that time they may have wiped some accounts out.

    You really, really, really want to keep some of the passwords unique and change them frequently.

    The service really can't be responsible if you're not smart enough to do this most basic of security measures.
     
