eBay

evry1nositswindy · ‎03-29-2023

Check out this email I got from "eBay" today. Of course I didn't click on any links and I forwarded it to spoof. Anybody else get this?

evry1nositswindy • seller since 2013
Volunteer Community Mentor

mtgraves7984 · ‎03-29-2023

No, I didn't. And I wouldn't have clicked links, either. Honest to Pete...

dbfolks166mt · ‎03-29-2023

It wouldn't have mattered if I had, which I didn't, I can't read it anyway. 😃

pburn · ‎03-29-2023

@evry1nositswindy

What was the email address like? Was it from some spoofy domain name, etc.?

Did you, by any chance, copy/paste that into a translator? Google's probably the most accessible, even if it's not the very best translation software.

If so, tell us what it said! LOL!

richard1rst · ‎03-29-2023

Probably in the same vein I have received 3 in the past month telling me that 5 of my listings had invalid http: coding (where of course it should be https:) along with a link telling which 5 they are,.

Like you I simply forwarded it to Spoof.

I do know that id you hover your mouse over the link then the lower left corner of your screen will show you the landing page of the link. Each one was different. Interestingly all of them said "5 listings" and the text seemed identical. I can only guess they are working off of some template.

The world is filled with charlatans.

"Laissez-faire capitalism (AKA The Great Material Continuum) is the only social system based on the recognition of individual rights and, therefore, the only system that bans force from social relationships." ~ Ayn Rand

chapeau-noir · ‎03-29-2023

Out of curiosity, what's the source code look like?

“The illegal we do immediately, the unconstitutional takes a little longer.” - Henry Kissinger

"Wherever law ends, tyranny begins" -John Locke

itsjustasprain · ‎03-29-2023

@evry1nositswindy wrote:
Check out this email I got from "eBay" today. Of course I didn't click on any links and I forwarded it to spoof. Anybody else get this?

Not looking like that, no. Anyway, here's your English translation, courtesy of Google Image Translation:

It's far from perfect and I'm not sure what language it's translated from (Thai? Cambodian?), but the results speak for themselves. (We couldn't even imagine this stuff just a few years ago.) eBay seems to have an odd idea about what country you're in.

slippinjimmy · ‎03-29-2023

Haven't seen that one. I think my phishing friends have better skills and only correspond in English.

I run with zero spam filtering, I get a couple a week from "eBay" plus 10 - 20 more for other targets (Norton, Chase, Amazon, Coinbase etc.), a few times a year I still get the classic Nigerian 419 messages.

I forward all eBay related ones to spoof@ebay.com, I'm not that diligent on the others.

Paranoia strikes deep
Into your life it will creep

evry1nositswindy · ‎03-30-2023

@chapeau-noir I'm not a techie--what is source code?

evry1nositswindy • seller since 2013
Volunteer Community Mentor

evry1nositswindy · ‎03-30-2023

@pburn

From:

EBay TH

ebay@communications.ebay.co.th

+ Add to contacts

evry1nositswindy • seller since 2013
Volunteer Community Mentor

chapeau-noir · ‎03-30-2023

@evry1nositswindy wrote:
@chapeau-noir I'm not a techie--what is source code?

I'm assuming that came into your email, too - there you should be able to find a 'view source' button or link depending if you use webmail or a client like Thunderbird (say). It just shows the email origin domain and path - sometimes it can help figuring out where something came from and if it's legit.

“The illegal we do immediately, the unconstitutional takes a little longer.” - Henry Kissinger

"Wherever law ends, tyranny begins" -John Locke

pburn · ‎03-30-2023

So, you got your email from the eBay Thailand platform? How weird!

evelyb30 · ‎03-30-2023

@slippinjimmy wrote:
Haven't seen that one. I think my phishing friends have better skills and only correspond in English.

I run with zero spam filtering, I get a couple a week from "eBay" plus 10 - 20 more for other targets (Norton, Chase, Amazon, Coinbase etc.), a few times a year I still get the classic Nigerian 419 messages.

I forward all eBay related ones to spoof@ebay.com, I'm not that diligent on the others.

I miss the 419 scammers. They were funny. The one that still makes me laugh came from some guy taking apart a railroad in Sierra Leone or similar and wanted to sell me the scrap steel. I always wanted to write back and tell him sorry, full up; just bought an entire bridge closer to home!

She who dies with the most toys still dies; when's the estate sale?

chris13 · ‎03-30-2023

Be extra careful out there. I worked last week with Trust and Safety regarding a set of URLs where scammers had created 'Doppleganger URLs' that essentially hijacked the top level ebay.com domain format. Its a NASTY tricky way to spoof a URL, and not easy for everyone to spot...it was the *leading* characters that gave it away e.g. "foo.bar.ebay.com/xyz" Sometimes this is called 'dot spoofing'

This email address uses the same technique I believe.

For years IT folks have been lobbying to get the domain registration authority to put a stop to this, but to no avail.

pburn · ‎03-30-2023

@chris13 wrote:
Be extra careful out there. I worked last week with Trust and Safety regarding a set of URLs where scammers had created 'Doppleganger URLs' that essentially hijacked the top level ebay.com domain format.

So this and taking down a seller with 41,000+ listings?

Does Trust and Safety know you're posting about it on the public discussion boards?