Wow- I Just Got An E-Mail From A Faux E Bay Site...

Yeah, fuckers*, I'll give you my credit card number..






*sorry for the profanity but that crap pisses me off

Funny thing is, I don't even have a PayPal account!

eom

from banks I've never heard of...just wanting to confirm my account number...or they're checking to see if recent fraud at the bank harmed my account. :D

People must actually go along with this stuff, or they wouldn't keep sending it out. :shrug:

... complete with the bank's counterfeit logo in the e-mail. They wanted my acct number for "security" reasons, otherwise they will deny me access to my acct.

and I'll illustrate with one of many "phish" spams I get.

First, find the originating ISP. You do that by doing whatever you have to do in your email program to see ALL the headers you got, like this:

Status: U
Return-Path: <[email protected]>
Received: from Sender (<193.108.234.170>)
by aaron.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1cDGtD4Nf3Nl3qa0
Sun, 12 Dec 2004 22:02:21 -0500 (EST)
Reply-To: <[email protected]>
From: "Washington Mutual" <[email protected]>
Subject: Important customer notification regarding Online Banking account
Date: Mon, 13 Dec 2004 05:02:23 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-ELNK-AV: 0

Dear Washington Mutual customer,

We recently reviewed your account, and suspect that your Internet Banking account may have been accessed by an unauthorized third party.
Protecting the security of your account and of the Washington Mutual network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

<...>


Then, see that line: "Received: from Sender (<193.108.234.170>)"

That's were the thing really came from, and I betcha it's not Washington Mutual Bank.

So, you got to http://www.iks-jena.de/cgi-bin/whois and don't worry about it being all in German-- it's one of the best lookup sites I've found.

Put the sender's number in the search box and the search will come up with the originator of the spam, amd it be in English. It will also usually show an "abuse" email. Forward the entire email to the "abuse" address and be SURE to include ALL headers.

In my case, the originator is Romanian, so they might care all that much, but many of them originate from here and western Europe. I have had good responses from many ISPs that don't want their clients doing this sort of thing. Most investigate, although they won't tell me what ultimately happened.

It's possible that a good hacker can even spoof that address, or just use them as a relay, but it's only the individual ISPs that have the means to track this stuff down. And, most of them hate it is much as we do, so they are motivated.

On edit-- there are Federal spooks who are looking into "phishing" but I have'nt bothered with them so far. I've been leaving it up to the ISPs to notify the Feds. I'm not sure they have, but I have only so much time to deal with this.

They can take some action too.

but I have been assured that with the bazillions of phish spams that go out, the companies know what's happening. It's one of the hottest security issues in the financial world for a year or so now.

eBay and PayPal have had their customers hit so hard, they have special teams rooting this stuff out. Sometimes, they see it before we do.

nt

I use Eudora, which has a "blah, blah, blah" button that shows that stuff you normally don't want to see when reading email. Some webmail gives you all the headers whether you want them or not, and other email programs have their own ways-- check the help files on your software and look for the keywaord "headers"

:eyes:

Write ebay a letter & complain. I did it before.

It might be a new iteration of a phishing email. You might catch one early on! I report them all.

nt

Do not open the mail.
Forward such emails to

[email protected]

or

[email protected]