Internet Security Discussion Forum This forum is for the discussion of security related issues. If you find a new Phishing scheme, spyware, virus or malicious site - let us know about it. If any of the above found you... here's where you ask for help.

10-11-2004, 07:51 PM
mikmik
How to spot eBay spoof

Well, for one thing, I don't have an eBay account, LMAO, and would never open an email like that and expose myself to a script or macro exploit.

However, I check all 'unknown' email that may be legit (usually) before I delete them. I right click on the message, pick details and then message source.

This is what I saw, and I highlight the giveaways here:
Quote:
X-Apparently-To: m44l@yahoo.ca via 66.218.78.123; Mon, 11 Oct 2004 01:16:44 -0700
X-YahooFilteredBulk: 69.93.137.114
X-Originating-IP: [69.93.137.114]
Return-Path: <customersupport@ebay.com>
Received: from 69.93.137.114 (EHLO denver.hostat.net) (69.93.137.114)
by mta293.mail.scd.yahoo.com with SMTP; Mon, 11 Oct 2004 01:16:44 -0700
Received: from nobody by denver.hostat.net with local (Exim 4.34)
id 1CGvMF-0005Dw-PW
for m44l@yahoo.ca; Mon, 11 Oct 2004 03:16:39 -0500
To: m44l@yahoo.ca
Subject: Security Measures (SafeHarbor) (KMM82003618V76837L0KM)
MIME-Version: 1.0
Content-type: text/html; charset=iso-8859-1
From: CustomerSupport@eBay.com
Message-Id: <E1CGvMF-0005Dw-PW@denver.hostat.net>
Date: Mon, 11 Oct 2004 03:16:39 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - denver.hostat.net
X-AntiAbuse: Original Domain - yahoo.ca
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - eBay.com
X-Source:
X-Source-Args:
X-Source-Dir:

Dear eBay member

We recently noticed one or more attempts to log in to your eBay account from a
foreign IP address and we have reasons to belive that your account was hijacked
by a third party without your authorization.

If you recently accessed your account while traveling,the unusual log in attempts
may have been initiated by you.
However,if you are the rightfull holder of the account, click on the link below,
fill the form and then submit as we try to verify your identity.

<a href="http://www.tranceenergy.net/aw-config/index.php?mail=m44l@yahoo.ca
&?motd=eBay?YY=39830&inc=25&order=down&sort=date&p os=0&view=a&head=b&box=Trash">
http://cgi3.ebay.com//aw-cgi/eBayISAPI.dll?VerifyIdentity&ssPageName=</a>

The log in attempt was made from:
IP address: 205.188.119.22
ISP host: cache-ag04.proxy.aol.com

If you choose to ignore our request,you leave us no choise but to temporaly suspend
your account.

We ask that you allow at least 72 hours for the case to be investigated and we
strongly recommend not to make any changes to your account in that time.

If you received this notice and you are not the authorized account
holder, please be aware that it is in violation of eBay policy to represent
oneself as another eBay user. Such action may also be in violation of
local, national, and/or international law. eBay is committed to assist
law enforcement with any inquires related to attempts to misappropriate
personal information with the intent to commit fraud or theft.
Information will be provided at the request of law enforcement agencies to
ensure that perpetrators are prosecuted to the fullest extent of the law.

*Please do not respond to this e-mail as your reply will not be received.

Thanks for your patience as we work together to protect your account.

Regards,

Safeharbor Department
eBay Inc.

Next, I attach the message to a real email address:

Quote:
Reporting Spoof emails is as easy as 1-2-3.
If you have any doubt whether an email is really from eBay, here's how to report it:
1. Forward the message to spoof@ebay.com.
2. Don't alter the subject line or forward the message as an attachment - doing so prevents us from investigating it further.
3. Once you have forwarded the email, you can then delete it from your email account.
There is no script in the message, so I will open it and forward to eBay.

For more info:
http://pages.ebay.com/securitycenter/index.html
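
The manual check of the message source described in this post, as an added example that is not part of the original post: it compares the From domain with the relay named in the topmost Received line and with the Message-Id domain, and compares each link's visible text with its real href. The function names, the sample message and its `.example` hosts are constructed for illustration, and the "last two labels" domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the quoted message; every host is a placeholder.
SAMPLE = """\
Received: from 192.0.2.10 (EHLO relay.hosting.example) (192.0.2.10)
From: Support@Shop.example
Message-Id: <E1abc-0001@relay.hosting.example>

<a href="http://www.unrelated.example/aw/index.php?mail=user@mailbox.example">
http://cgi3.shop.example/VerifyIdentity</a>
"""

def base(host):
    # Crude registrable domain: last two labels (assumption, no public-suffix list).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class Links(HTMLParser):
    """Collects [href, visible text] per <a>; the two should name the same host."""
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def giveaways(source):
    msg = message_from_string(source)
    sender = base(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # Topmost Received line is the one the recipient's own server added.
    hop = re.search(r"\((?:EHLO|HELO) ([^)\s]+)\)", (msg.get_all("Received") or [""])[0])
    mid = msg.get("Message-Id", "").strip("<> ").rpartition("@")[2]
    claims = [("relay", hop.group(1) if hop else ""), ("message-id", mid)]
    found = [(kind, host) for kind, host in claims if host and base(host) != sender]
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown, real = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and real and base(shown) != base(real):
            found.append(("link", real))
    return found
```

A mismatch is a hint, not proof: legitimate senders also relay through third-party hosts, and the EHLO name is whatever the connecting machine claimed, so the link check is the stronger signal.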

10-11-2004, 07:55 PM
mikmik

Feel free to edit the looooooong line, anyone (mods etc), I cannot find the 'edit button' myself!

All times are GMT -4.