Welcome to Guru Will Sellit's Home on the Web!

Part of the Sun Surplus Group of Organisations

www.one4sun.net.au


Ebay ID Verify Scam - Initial Email Received on Thursday, March 4, 2004

This email attempts to co-erce you into downloading a malicious MS Windows virus program from a server in Asia.

The email message received is reproduced in full below (minus all the HTML encapsulation).


From customerservice@eBay.com  Thu Mar  4 01:00:28 2004
Return-Path: <customerservice@eBay.com>
X-Original-To: one4sun@lios.apana.org.au
Delivered-To: one4sun@lios.apana.org.au
Received: by lios.apana.org.au (Postfix, from userid 23)
	id A869D384AC; Thu,  4 Mar 2004 01:00:27 +1100 (EST)
Received: from server4.compton.net (h216-183-11-5.gtcust.grouptelecom.net [216.183.11.5])
	by lios.apana.org.au (Postfix) with ESMTP id C83F238483
	for ; Thu,  4 Mar 2004 01:00:08 +1100 (EST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by server4.compton.net (8.12.5/8.12.5) with SMTP id i23E04NX014921
	for ; Wed, 3 Mar 2004 09:00:05 -0500
Message-Id: <200403031400.i23E04NX014921@server4.compton.net>
From: <customerservice@eBay.com>
To: <one4sun@lios.apana.org.au>
Subject: Verify your eBay ID
Date: Wed, 3 Mar 2004 09:00:04 -0500
X-Mailer: sendEmail-1.40
X-Spam-Level: 
X-Spam-Status: No, hits=0.9 required=5.0 tests=HTML_70_80,HTML_FONTCOLOR_BLUE,
	HTML_MESSAGE,HTML_TAG_BALANCE_A,MIME_HTML_ONLY,NORMAL_HTTP_TO_IP,
	NO_REAL_NAME autolearn=no version=2.63
X-Sanitizer: Advosys mail filter
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Status: R
X-Status: 
X-Keywords:                  

From collectibles to cars, buy and sell all kinds of items on eBay

home | pay| register| sign in/out | services | site map|help

   Dear eBay user,

You are urged to establish your proof of identity with ID Verify - an
easy way to help others trust you as their trading partner as our service
quality is changing. The process takes about 5 minutes to complete and
involves updating your information over a secure connection and answering
a few questions. When you're successfully verified, you will receive an
ID Verify icon in your feedback profile. This feature applies to
residents of the United States and U.S. territories (Puerto Rico, US
Virgin Islands and Guam), Europe (EU) and Australia. .


Fee:
Verification is free of charge and is valid until your name, home address
or phone number change.

ID Verify Now, and help us improve the service we are providing to our
customers.

Note: After successful verification, you will not be able to modify your
contact information for 30 days. Also, the ID Verify icon is used for 3
different verification processes. Verisign provides individual
verification on eBay.com. GeoTrust, Inc. is used for the verification of
certain businesses selling on eBay.com. Deutsche Post is used for the
verification of German members on eBay.de.

Warning: Failure to Verify your ID may result in Account Suspension.

Regards,

Safeharbor Department
eBay, Inc.
Now that you've read the email text, what do you think? This is just one example of the massive number of scams trying to steal login information for online banking, auction, and other financial transaction sites...

As you can see from the headers, the email didn't come from Ebay at all, and the URL which the email asks you to go to doesn't exist at Ebay's site! The full URL of the fake Ebay web page you're asked to go to (which initiates the virus file download) is:

http://211.224.55.71/secure/eBayISAPI.dllSecurity=UsingSSL=0pUserId=ru=http3A2F2Fcgi1.ebay.com2Faw-cgi2FeBayISAPI.dll3FMyEbayLogin26pass3D7B_pass7D26userid3Dpp=check/eBayISAPI.php

The IP address 211.224.55.71 does NOT resolve to a valid fully-qualified host name in the DNS! That's another indicator of the URL being involved in a scam.

You can also read the complete email with the full HTML-encoded content that was embedded in it.

You're visitor # . Current time is on .

If there's something you'd like to ask me, or you'd just like to say hello, please send me some email. Note that the email address has been 'poisoned'.


Return to the March 2004 Ebay ID Verify Scam Page