eBay

shevey55 · ‎10-31-2017

I got this email today. Does it look legit? There's no message in my ebay. I did a refund a few days ago, but Paypal shows it as complete. I called the number that is showing, and it was an ebay number that is no longer used.

shevey55 · ‎11-01-2017

I had to go back to classic email, but I found the header. I sent it to you in PM

shevey55 · ‎11-01-2017

I sent it to Spoof@ebay.com. They said it's a scam. But after reading these posts, I guess that's still not a sure thing.

lja440 · ‎11-01-2017

If you opened it, change all of your passwords NOW!

berserkerplanet · ‎11-01-2017

It is a spoof. (responded with details in a reply to your PM)

As I explained in the PM, I did not follow the link to the website because there is so much garbage attached to it that I'm 100% certain it is keyed to your name and email address and don't want to confirm for them. Therefore can't see if it's a driveby malware site, a "lose weight fast eating papayas" site, an eBay, PayPal, or Barclays Bank password phishing site, etc.

Because it is an unknown, as lja said, if you clicked the link and a website loaded, change your eBay password (and PayPal for good measure). And run a malware scan.

If you did already click the link, or if you don't care about the fact that if I click the link it very likely signals them that you are an unsolicited email link clicker), I'll try to chase it down and figure out what they are up to if I can and the website is still up.

ted_200 · ‎11-01-2017

@shevey55 wrote:
I sent it to Spoof@ebay.com. They said it's a scam. But after reading these posts, I guess that's still not a sure thing.

I'm pretty sure they got it right this time.

Out of frustration, I once sent them a Seller Update notification email they sent me. I even added a note that I forwarded it because the contents were so ridiculous that I did not believe it could possibly really be from eBay.

They replied the email was a phishing attempt, and that it was not sent to me by eBay.

The Floggings Will Continue Until Morale Improves.

berserkerplanet · ‎11-01-2017

They got it right this time.

eBay generally doesn't send emails from Italian mail servers, identifying themselves as a Venezuelan mail server, and with links of the form:

"hXXp://403-255-343.6umfb3mgp8.5w7bwt56xzlxqpv.com.ve/cgi-bin/_hBhfK7m2mk/132355c9s0b676444buc90qf35c07b4kw93af323/
RASZZ5Qwc08DVkxGQgI7cLRcOPId1hk94qG.lEz..UEK0Eld451USDFSaX1vdoWBxhmyJSve5oRDSVtj-lY.iZRWqRJsVQdtz.f4D8.Zs=/j64/" target="_blank">Display message</a>

(above link was obfuscated with random char substitutions for the random looking chars that were already there. The base domain is untouched 5w7bwt56xzlxqpv.com.ve)

That domain registration has an incomplete US address, an American sounding contact name, a Russian email address, and an Ohio phone number. Pretty squirrelly.

shevey55 · ‎11-01-2017

I figured it was a spoof, but it's a new one on me. Thank you all.

southern*sweet*tea · ‎11-01-2017

@berserkerplanet wrote:
They got it right this time.

eBay generally doesn't send emails from Italian mail servers, identifying themselves as a Venezuelan mail server, and with links of the form:

"hXXp://403-255-343.6umfb3mgp8.5w7bwt56xzlxqpv.com.ve/cgi-bin/_hBhfK7m2mk/132355c9s0b676444buc90qf35c07b4kw93af323/
RASZZ5Qwc08DVkxGQgI7cLRcOPId1hk94qG.lEz..UEK0Eld451USDFSaX1vdoWBxhmyJSve5oRDSVtj-lY.iZRWqRJsVQdtz.f4D8.Zs=/j64/" target="_blank">Display message</a>

(above link was obfuscated with random char substitutions for the random looking chars that were already there. The base domain is untouched 5w7bwt56xzlxqpv.com.ve)

That domain registration has an incomplete US address, an American sounding contact name, a Russian email address, and an Ohio phone number. Pretty squirrelly.

Bay Hill, US lol

The easier you are to offend the easier you are to control.

We seem to be getting closer and closer to a situation where nobody is responsible for what they did but we are all responsible for what somebody else did. - Thomas Sowell