[HATS] OT - Pay Pal Hoax -- Critical Warning!

T. Brad Smith ka5cdj@ka5cdj.net
Thu, 06 Mar 2003 16:10:57 -0700


I received an equally scary one lately from E-Bay, See Below:

>Dear valued ebay member sales :
>
>It has come to our attention that your ebay Billing information's
>records are out of date. thats require update your billing information's
>If you could please take 5-10 minutes out of your online experience and =
update.
>Your billing records you will not run into any future problems with the
>problems with the online service. However, failure to update your =
records will result in
>account termination. Please update your records by tomorrow.
>
>Once you have updated your account records your ebay session will not be
>interrupted and will continue as normal. Failure to update will result =
in
>cancellation of service, Terms of Service (TOS) violations or future =
billing
>problems.
>
>Please click here to update your billing records.
>
>Thank you for your time.
>Marry Kimmel
>ebay Billing Dept team.


To which I received a response from E-Bay about the fact that the
links provided did NOT work:

>Hello,
>Thank you for writing regarding the email you received.=20
>
>The message you received was not sent by eBay nor was it endorsed by us=20
>in any way. By altering the reply-to address for this email, it appears=20
>to have come from an eBay email address, when it actually came from an=20
>external email address. This also means that hitting the reply to button
>will send the message to the altered email address in the reply to=20
>field.  This process is commonly referred to as "Spoofing".
>
>Please rest assured that your account standing has not changed and that=20
>your auctions have not been affected.  We are currently investigating=20
>the source of the email. Although we are unable to provide specific=20
>information regarding the result of our investigation, we do take these=20
>offenses very seriously and will make sure that appropriate action is=20
>taken against those responsible.
>
>Please remember that eBay will never ask you for your private=20
>information, including credit card information or password, in an email.
>Also, eBay will never send you any request or solicitation from a=20
>non-eBay email account, or provide a link outside of eBay for entering=20
>credit card or other private information. If you ever need to give us=20
>information, it is suggested that going to the main website and=20
>following links there to the site map or any other place you may need to
>give information, is best. You will know for certain that you are on=20
>eBay.
>
>If you have entered your user ID in the email message provided you will=20
>wish to change your password following the steps below:
>
>* Click on the site map link (located at the top of any eBay page)=20
>
>* Scroll through the 'Services' section=20
>
>* Click on the link 'Change my password'=20
>
>Then once you are on the Change your password page, follow the=20
>instructions that appear on that page.
>
>In the future if you receive a similar email, do not respond to it, and=20
>contact us through the Rules and Safety Support at the following URL:
>
> http://pages.ebay.com/help/basics/select-RS.html=20
>
>Please also note that User ID's can be seen by anyone visiting the site,
>therefore, we recommend that all members have a user ID that is not=20
>their email address to prevent visitors from obtaining your email=20
>address from the site. A User ID is a "nickname" you select that=20
>identifies you at eBay such as "Betty2000" or "TinyTrees."=20
>If your user ID is currently your email address you may change it by=20
>following the instructions below:
>=20
>* Click on the site map link located at the top of any eBay page
>* Scroll through the 'Services' section
>* Click on 'Change my User ID' and follow the instructions on that page
>=20
>All of your account information will be linked to the new ID including=20
>your feedback profile.  Additionally, you will have a set of "shades"=20
>next to your new ID for 30 days to alert members to the change.=20
>=20
>More information about account security can be found at the following=20
>address:
>
>=20
>http://pages.ebay.com/help/account_protection.html?ssPageName=3DCMDV:AB0=
00
>8
>
>We apologize for any confusion this message created for you and we=20
>appreciate your efforts in helping keep eBay a safe trading place.
>
>
>Regards, =20
>
>Eldron
>eBay Customer Support=20
>______________________________
>eBay
>Your Personal Trading Community (tm)
>
>*******************************************
>Try the new and improved Sell Your Item 2.0 and see how much easier it=20
>is to sell!=20
> =20
>You can find the New Sell Your Item form by clicking the "Sell" button=20
>at the top of any eBay page.
>
>_____________________________________________
>
>Important: eBay will not ask you for sensitive personal information=20
>(such as your password, credit card and bank account numbers, Social=20
>Security numbers, etc.) in an email. Learn more account protection tips=20
>at:
>
>http://www.pages.ebay.com/help/account_protection.html =20
>_____________________________________________
>
>For our latest announcements, please check:=20
>
>http://www2.ebay.com/aw/announce.shtml=20
>_____________________________________________
>
>In order to better serve you, we'd like to occasionally
>request feedback on our service. If you would rather
>not participate, please click on the link below and send
>us an email with the word ""REMOVE"" in the subject line.
>If that does not work, please send an email to the
>email address below. Your request will be processed
>within 5 days.=20
>
>mailto:cssremove@ebay.com=20
>
>*******************************************


So I guess the secret is .... Watch what you receive in E-Mail and
Whom you give information to .....

73,

T. Brad
KA5CDJ

On Thu, 6 Mar 2003 14:12:44 -0600, "Ron L. Sparks" <rls@sparkles.com>:

>
>
>I recently received a SCAM from unknown persons that you should watch
>out for, especially if you are a PayPal user.
>
>The attached message was in HTML format and looked just like a PayPal
>web page.  Being the suspicious type, I immediately logged into PayPal
>and found no such limitation.  Then as I checked the header info I found
>that it came to an e-mail address that I do not even have linked to my
>PayPal account.  The rest of the header was spoofed nicely so that it
>looked like a real PayPal message.
>
>I reported it to PayPal and did some other searches and found this has
>happened to others.
>
>Once again my policy of not giving out data on ANYTHING where I am not
>the originator has apparently saved the day.
>
>Pass this on as widely as you can.
>
>Be careful out there!
>
>Ron
>
>-----Original Message-----
>From: info@paypal.com [mailto:info@paypal.com]=20
>Sent: Wednesday, March 05, 2003 12:38 PM
>To:=20
>Subject: Your PayPal account is Limited.
>
> PAYPAL LOGO
> Dear PayPal Customer =20
>PayPal is currently performing regular maintenance of our security
>measures. Your account has been randomly selected for this maintenance,
>and placed on Limited Access status. Protecting the security of your
>PayPal account is our primary concern, and we apologize for any
>inconvenience this may cause.=20
>To restore your account to its regular status, you must confirm your
>email address by logging in to your PayPal account using the form below:
>Top of Form
>Email Address:  Password:   Bank Account  Enter Bank Account #:   Credit
>Card  Enter Credit Card #:  Exp. date : 01 02 03 04 05 06 07 08 09 10 11
>12 / 03 04 05 06 07   Bottom of Form
>
>This notification expires March 31, 2003 =20
>Thanks for using PayPal!   This PayPal notification was sent to your
>mailbox. Your PayPal account is set up to receive the PayPal Periodical
>newsletter and product updates when you create your account. To modify
>your notification preferences and unsubscribe, go to
>https://www.paypal.com/PREFS-NOTI and log in to your account. Changes to
>your preferences may take several days to be reflected in our mailings.
>Replies to this email will not be processed.=20
>
>If you previously asked to be excluded from Providian product offerings
>and solicitations, they apologize for this e-mail. Every effort was made
>to ensure that you were excluded from this e-mail. If you do not wish to
>receive promotional e-mail from Providian, go to
>http://removeme.providian.com/.=20
>
>CopyrightC 2002 PayPal Inc. All rights reserved. Designated trademarks
>and brands are the property of their respective owners.
>
>--------- End of Original Message --------------------
>
>
>_______________________________________________
>HATS mailing list
>HATS@stevens.com
>http://www.stevens.com/mailman/listinfo/hats
>