PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Versuch, die eBay-Account-Daten zu klauen?



dolphin
13.08.2005, 08:05
Mit folgender Mail, die vorgibt, von eBay zu kommen, soll wohl versucht werden an Daten zu kommen oder?
Empfaengerdaten habe ich (aus wohl verstaendlichen Gruenden) geloescht.
Mail wurde von mir zur Info an spoof [at] ebay.de gesandt. Diese eBay-Abteilung kuemmert sich um solche gefakten E-Mails.

X-Envelope-From: <u67102 [at] mail.hlyl.gov.tw>

X-Delivery-Time: 1123880067
Received: from mail.hlyl.gov.tw ([210.69.56.206])
by mailin.webmailer.de (8.13.1/8.13.1) with ESMTP ID: [ID filtered]
for ; Fri, 12 Aug 2005 xx:xx:xx +0200 (MEST)
Received: from mail.hlyl.gov.tw (localhost.localdomain [127.0.0.1])
by mail.hlyl.gov.tw (8.12.9-20030920pl1/8.12.9) with ESMTP ID: [ID filtered]
for ; Sat, 13 Aug 2005 xx:xx:xx +0800
Received: (from u67102 [at] localhost)
by mail.hlyl.gov.tw (8.12.9-20030920pl1/8.12.9/Submit) ID: [ID filtered]
Sat, 13 Aug 2005 xx:xx:xx +0800
Date: Sat, 13 Aug 2005 xx:xx:xx +0800
Message-ID: [ID filtered]
From: "emailnotif [at] ebay.com" <emailnotif [at] ebay.com>
To:
Subject: eBay Change Email Notice
Content-Type: text/html

http://209.208.122.202/~linda/.../.ws/.ebay/Dll/SignInPageName=/Sign%20In.htm

Sirius
13.08.2005, 08:39
Hallo.


Mit folgender Mail, die vorgibt, von eBay zu kommen, soll wohl versucht werden an Daten zu kommen oder? Genau! Das nennt man "Phishing" und es nimmt derzeit stark zu.

Das Mail gehört in die Kategorie "Dumm-Phisher". Ein User namens "Linda" hat versucht, sein Home-Verzeichnis zu einem eBay-Eingang umzufunktionieren. Dumm nur, dass Linda in USA sitzt: Internet Connect Company, Inc. in Gainesville / Florida. eBay hat den User-Account natürlich sofort stilllegen lassen.

Grüße

dolphin
14.08.2005, 06:52
Das ist ja eine gute Nachricht - vielen Dank!
Ich habe allerdings noch mehr zu bieten; werde derzeit überhäuft mit dem Zeugs ... und werde entsprechende Hinweise im Forum einstellen.

webeinspunktnull
16.08.2005, 01:02
ich verkaufe gar nix bei EBay

Return-Path: <root [at] localhost.localhost>
Delivery-Date: Sat, 13 Aug 2005 xx:xx:xx +0200
Received: from [206.176.109.182] (helo=localhost)
by mxeu8.kundenserver.de with ESMTP (Nemesis),
ID: [ID filtered]
Received: by localhost (Postfix, from userID: [ID filtered]
ID: [ID filtered]
To:
Subject: Question from eBay Member regarding Item #4637283746
Message-ID: [ID filtered]
From: "eBay Member : drhookxx" <contact [at] ebay.com>
Content-Type: text/html
Date: Fri, 12 Aug 2005 xx:xx:xx -0600 (MDT)
Envelope-To:



[Image ignored]
[Image ignored]Question about your item [Image ignored]

[Image ignored]
[Image ignored]
[Image ignored][Image ignored]
[Image ignored][Image ignored]Marketplace Safety Tip [links to pages.ebay.com/securitycenter/selling_safely.html] [Image ignored]

Always remember to complete your transaction on eBay - it's the safer way to trade.

Is this message an offer to buy your item directly through email without winning the item on eBay? If so, please help make the eBay marketplace safer by reporting it to us. These "off-eBay" transactions may be unsafe and are against eBay policy. Learn more about selling with confidence [links to pages.ebay.com/securitycenter/selling_safely.html].


Is the buyer asking you to send the balance of their overpayment via Western Union or MoneyGram?
If so, this may be a fraudulent transaction and you should report it [links to cgi1.ebay.com/aw-cgi/eBayISAPI.dll?ReportEmailAbuseShow] to eBay. Learn more about receiving payments [links to pages.ebay.com/help/confidence/isgw-fraud-receiving-payments.html].
[Image ignored]
[Image ignored]
[Image ignored]
If this email is inappropriate or in any way violates eBay policy, please help protect other eBay community members by reporting it [links to pages.ebay.com/help/policies/rfe-spam-non-ebay-sale.html] to us immediately.

[Image ignored]
[Image ignored]
[Image ignored]


How much will be shipping to Austin , Tx ?

[Image ignored]
Please respond to the question on eBay by clicking the button below. You'll have the option to display your response directly on the listing.

[Image "Respond" ignored] [links to http://200.75.75.203/index.php]





[Image ignored]
[Image ignored]
Thank you

drhookxx
Need help calculating shipping cost? Use the [Image ignored] Shipping Calculator [links to payments.ebay.com/ws/eBayISAPI.dll?EmitSellerShippingCalculator].



-------------------------------------------------------------------------

This email appears in the language of the eBay site where you are registered.

eBay treats your personal information with the utmost care, and our Privacy Policy is designed to protect you and your information. eBay will never ask their users for personal information, such as bank account numbers, credit card numbers, pin numbers, passwords, or Social Security numbers in an email. For more information on how to protect your eBay password and your account, please visit User Account Protection [links to pages.ebay.com/help/account_protection.html].
[Image ignored]
This eBay notice was sent based on your eBay account preferences and in accordance with our Privacy Policy [links to pages.ebay.com/help/community/png-priv.html]. To change your notification preferences, click here [links to cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow]. If you would like to receive this email in text format, click here [links to cgi4.ebay.com/ws/eBayISAPI.dll?OptinLoginShow].
[Image ignored]

Copyright © 2005 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc.

Hieronymus
04.09.2005, 19:04
Gehört das hier auch in die Ecke?
Der Nachrichtentext lässt sich nicht kopieren. Er ist englisch und ich werde aufgefordert, unter diesem Link meine ebaydaten erneut einzutragen, sonst würde mein Account gelöscht. Mein Benutzername wird nicht genannt.

Received: from [220.93.30.30] (helo=217.72.192.188)
by mx25.web.de with smtp (WEB.DE 4.105 #297)
ID: [ID filtered]
for poor [at] spamvictim.tld; Wed, 31 Aug 2005 xx:xx:xx +0200
FCC: mailbox://support_refnum_8018 [at] ebay.com/Sent
X-Identity-Key: id1
Date: Wed, 31 Aug 2005 xx:xx:xx +0400
From: eBay <support_refnum_8018 [at] ebay.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: poor [at] spamvictim.tld
Subject: eBay Inc: Urgent Security Notice For CIient Of The Bank [Wed, 31 Aug 2005 xx:xx:xx -0500]
Content-Type: multipart/related;
boundary="------------070407000207050709040004"
Message-ID: [ID filtered]
Sender: support_refnum_8018 [at] ebay.com

This is a multi-part message in MIME format.
--------------070407000207050709040004
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit



<https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerId=2&siteid=0>

Hewlett Packard come over GoTo Could I ask... in 1926

Investi
04.09.2005, 19:21
Die beworbene Seite ist aus Deinem Text nicht ersichtlich. Am besten wäre es, wenn Du den Quelltext der Seite mal kurz per PN an mich sendest, da kann man die korrekte Verknüpfung auslesen.

Auf jeden Fall handelt es sich eindeutig um einen Betrugsversuch.

Hieronymus
04.09.2005, 20:24
der Quelltext ist zu lang. (über 19.000 Zeichen). Was ist denn mit dem URL
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerId=2&siteid=0?

Investi
04.09.2005, 21:20
Was ist denn mit dem URL ?
Dies ist die korrekte URL von Ebay. Die wird zwar angezeigt, aber hinterlegt ist ein anderes Ziel. Dies wird im Quelltext codiert. Zu sehen sind inzwischen nicht nur in der Ausgabe, sondern auch in vielen Fällen in der Statuszeile die echte Ebay-Adresse, um das Opfer zu beruhigen und vor allem zum Klick zu bewegen. Ich sende Dir mal eine PN, dann kannst Du den Quelltext mal an die angegebene Mail-Adresse schicken.

Sven Udo
07.09.2005, 23:30
Die etwas andere Art"Ebay"!
From Improve your Weekly PayCheck Wed Sep 7 xx:xx:xx 2005
X-Apparently-To: xxxxxxxxxxxx [at] yahoo.de via 217.12.10.194; Wed, 07 Sep 2005 xx:xx:xx -0700
X-YahooFilteredBulk: 216.145.30.86
X-Originating-IP: [216.145.30.86]
Return-Path: <1-100100-yahoo.de?mein-name [at] rec.ishopperfly.info>
Authentication-Results: mta252.mail.scd.yahoo.com from=ishopperfly.info; domainkeys=neutral (no sig)
Received: from 216.145.30.86 (HELO rec.ishopperfly.info) (216.145.30.86) by mta252.mail.scd.yahoo.com with SMTP; Wed, 07 Sep 2005 xx:xx:xx -0700
MIME-Version: 1.0
X-Accept-Language: en
X-Priority: Normal
Von: "Improve your Weekly PayCheck" <marketing [at] ishopperfly.info> Zum Adressbuch hinzufügen
An: xxxxxxxxxxxxx [at] yahoo.de
Betreff: Make a Regular Income with EBAY
Content-Type: multipart/alternative; boundary="------------112610712874489"; class-id=1:9KI_mw5.j5IPzzzYD29bb7sj:100100
Datum: Wed, 7 Sep 2005 xx:xx:xx PST
Message-ID: [ID filtered]
X-Mailer: 3.2.5-53 [Sep 5 2005, xx:xx:xx]
Content-Length: 1591
Please go here to see this email

Click here to decline this offer:
No Thanks

26Red Marketing, LLC
3549 North University Ave.
Provo, Utah 84604

This is a commercial advertisement brought to you by eLimited,Inc., an online retail marketing firm. We provide a service to the online retail industry. You are receiving this promotion on behalf of one of our partners. The unsubscribe function is below and will automatically unsubscribe you within 48 hours if you choose to be removed.
*You can also FAX us your email address to unsubscribe if for some reason the features are not working. FAX us at: 309-402-4061 ( We will remove all FAX email addresses )

Marketing Department
1128-129 Royal Palm Beach Blvd.
Royal Palm Beach, FL 33411
309-402-4061-Fax

Click here to unsubscribe.

Click here to unsubscribe.

Click here to unsubscribe.

kjz1
08.09.2005, 09:05
So etwas kam hier auch an. Der Text ist nicht kopierbar, da es sich um ein GIF-Bild mit unterlegtem Link handelt. Das ist eigentlich typisch Leo's Masche. Aus dem Quelltext:

https://signin. ebay.com/ws/eBayISAPI.dll? SignIn&sid=verify&co_partnerId=2&siteid=0]
cid:part1.07080609.03020901 [at] supprefnum0610780026@ebay.com
in 1840 What area, please? Angelia Jolie We'd like to see Spice Girls

Da sehe ich auch keinen externen Link. Entweder hat die Spamware da etwas verbaselt oder mein Thunderbird zeigt den Quelltext nicht korrekt an...

- kjz

Gool
09.09.2005, 02:05
Ja, auch ich habe das Ding erhalten. In der Mail ist tatsächlich der richtige Link angegeben:

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&sid=verify&co_partnerId=2&siteid=0

Aber: Es befindet sich darin auch ein Bild, ein Imagemap, um genauer zu sein, welches zu http://202.181.208.115/images/avatars/gallery/.../ führt.

Der Rest des Quelltextes ist dann eigentlich nur noch die mitgesendete Gif-Grafik:

Content-Type: image/gif;
name="anthem.GIF"
Content-Transfer-Encoding: base64
Content-ID: [ID filtered]
Content-Disposition: inline;
filename="anthem.GIF"

Hieronymus
09.09.2005, 22:32
Wer ist denn eigentlich Leo?

Hieronymus

kjz1
09.09.2005, 23:30
Wer ist denn eigentlich Leo?

Hier werden sie geholfen:

http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932

- kjz

Bernd_E
10.09.2005, 17:59
Ich habe heute mehrfach folgenden Dreck erhalten:

Received: from psi.t.u-tokyo.ac.jp ([133.11.65.103])
by winfaktenigate ([192.168.0.3], envelope-sender=<ito [at] psi.t.u-tokyo.ac.jp>)
with No Spam Today! Service V2.3.1.2 Freeware
for 192.168.0.2; Sat, 10 Sep 2005 xx:xx:xx +0200
Received: by psi.t.u-tokyo.ac.jp (Postfix, from userID: [ID filtered]
ID: [ID filtered]
To: xxx
Subject: Your Final Warning From eBay
Message-ID: [ID filtered]
From: "aw-confirm [at] eBay.com" <aw-confirm [at] eBay.com>
Content-Type: text/html
Date: Sat, 10 Sep 2005 xx:xx:xx +0900 (JST)


During our regularly schedule account maintenance and verification we have detected a slight error in your billing information on file with eBay. Your card will be used for identification only and will not be charged at any time. By having this type of identification from all users, eBay remains a safe place to buy and sell. Setting up a seller account necessitates valID: [ID filtered]

Your credit card on file with eBay:

Card number: XXXX-XXXX-XXXX-6259 (Not shown for security purposes)

Please sign in to your eBay account and update your billing information:

If your account information is not update, your ability to sell or bID: [ID filtered]

This eBay notice was sent to you based on your eBay account preferences and in accordance with our Privacy Policy. To change your notification preferences, click here. If you would like to receive this email in text format, click here.

Copyright © 2005 eBay Inc. All Rights Reserved.Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.

Hieronymus
14.09.2005, 18:05
Bei mir kam nochmal dasselbean, wie vor ein paar Tagen, jetzt rückdatiert. Was soll das, fast hätte ich es gar nicht bemerkt?



From - Wed Sep 14 xx:xx:xx 2005
X-Account-Key: account2
X-UIDL: [UID filtered]
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Received: from [72.224.90.245] (helo=cpe-72-224-90-245.nycap.res.rr.com)
by mx32.web.de with smtp (WEB.DE 4.105 #297)
ID: [ID filtered]
FCC: mailbox://support_id_447172640592751 [at] ebay.com/Sent
X-Identity-Key: id1
Date: Sun, 02 Feb 2003 xx:xx:xx -0400
From: eBay Inc <support_id_447172640592751 [at] ebay.com>
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: nicht ich @web.de
Subject: SPECIAL ANNOUNCE [Sun, 02 Feb 2003 xx:xx:xx +0600]
Content-Type: multipart/related;
boundary="------------080506080002040801020001"
Message-ID: [ID filtered]
Sender: support_id_447172640592751 [at] ebay.com

This is a multi-part message in MIME format.

brk
28.09.2005, 14:56
Return-Path: <apache [at] ns1.goetc.net>
Received: from unknown (HELO ns1.goetc.net) ([216.138.38.188])
(envelope-sender <poor [at] spamvictim.tld>)
by mx09.ispgateway.de (qmail-ldap-1.03) with SMTP
for <poor [at] spamvictim.tld>; 28 Sep 2005 xx:xx:xx -0000
Received: from ns1.goetc.net (localhost [127.0.0.1])
by ns1.goetc.net (8.12.9-20030917/8.12.9) with ESMTP ID: [ID filtered]
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
for <poor [at] spamvictim.tld>; Wed, 28 Sep 2005 xx:xx:xx -0500
Received: (from apache [at] localhost)
by ns1.goetc.net (8.12.9-20030917/8.12.9/Submit) ID: [ID filtered]
Wed, 28 Sep 2005 xx:xx:xx -0500
Date: Wed, 28 Sep 2005 xx:xx:xx -0500
Message-ID: [ID filtered]
To: poor [at] spamvictim.tld
Subject:[spam] Confirm that you are the real owner of the eBay account
From: eBay<aw-confirm [at] ebay.com>
Content-Type: text/html
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
spamfilter01.ispgateway.de
X-Spam-Level: ***
X-Spam-Status: No, hits=4.0 required=9999.0 tests=FORGED_RCVD_HELO,HTML_60_70,
HTML_MESSAGE,HTML_TITLE_UNTITLED,MIME_HEADER_CTYPE_ONLY,
MIME_HTML_ONLY,NO_REAL_NAME,RCVD_IN_BL_SPAMCOP_NET autolearn=disabled
version=3.0.4
X-BitDefenderWKS-Spam: Yes (100)


Update Your Account Information Within 24 Hours


Valued eBay Member,
According to our site policy you will have to confirm that you are the real owner of the eBay account by completing the following form or else your account will be suspended within 24 hours for investigations.

Never share your eBay password to anyone!

Establish your proof of identity with ID: [ID filtered]


To update your eBay records >> Click here << http://bobtail.ru/.signin.ebay.com/ws/eBayISAPIdllSignIn.php

We appreciate your support and understanding, as we work together to keep eBay a safe place to trade.
Thank you for your patience in this matter.



Trust and Safety Department
eBay Inc.

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

Note : Ignoring this message will cause the Suspension of your account . To reactivate it you will have to pay a fee of 350 $ .


Copyright 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy. Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc. eBay is located at 2145 Hamilton Avenue, San Jose, CA 95125.

Ging schnell, aus versehen letzte Woche in einer Newsgroup eine Mailaddy via Googlegroups offenbart, schon kommen die phisher. Macht nix, Addy ist schon im Nirwana.

Alexander
06.10.2005, 15:10
Bekam vor kurzem ne e-mail von ebay mein konto zu vertifizieren ob ich privat oder geschäftlich bin.

Is das Pershing oder stammte die tatsächlich von ebay???

E-Mail leider gelöscht!!!)

Habe ein neues Fenster aufgemacht und mein Standard geändert auf privat

stieglitz
06.10.2005, 15:22
@alexander
Das war eine echte Mail.
E-Bay will in zukunft zwischen privat und geschäftlich differenzieren.
Hier die Meldung dazu:
http://www.intern.de/news/7128.html

Fidul
06.10.2005, 23:49
Is das Pershing oder stammte die tatsächlich von ebay???
Ein (http://tanxheaven.com/m26p/03-M-26'Pershing',Brussel.JPG) oder eine (http://www.fas.org/nuke/guide/usa/theater/pershing2_p2.jpg) Pershing war das mit Sicherheit nicht. :D