eBay Update Scam Resurfaces
The email contains what appears to be a link to a valid eBay webpage. Coded into the HTML, however, is its real destination, an Asia Pacific website that has no affiliation with the online auction site.
The email is received as follows:
Dear valued eBay member: It has come to our attention that your eBay billing informations are out of order. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records by August 30th.
Once you have updated your account records your eBay session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service (TOS) violations or future problems.
To update your eBay records click here: http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate
eBay Update team
Instead of pointing to http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate, the link actually points to http://202.131.117.83/asp/ebayDLLupdate/index.html, a website hosted by SabInfotech Chandigarh of India. The headers of the email indicate the message originated from an IP address belonging to the Korea Network Information Center in Seoul, Korea.
The originating IP address is 210.179.143.1.
Administrators may wish to block access to/from the offending IPs, 202.131.117.83 and 210.179.143.1.
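The mismatch described above, between the URL shown in the message and the destination coded into the HTML, can be checked mechanically at a mail gateway or during triage. The following Python sketch is an added example, not part of the original article; the function and class names and the www.example.com control link are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"^(https?://|www\.)\S+$", re.I)  # link text that reads as a URL
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")         # dotted-quad host, no DNS name

# Constructed sample: anchor rebuilt from the article's description, plus a benign control.
SAMPLE = ('<a href="http://202.131.117.83/asp/ebayDLLupdate/index.html">'
          'http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate</a> '
          '<a href="http://www.example.com/help">www.example.com</a>')

def host_of(url):
    """Lowercased hostname of a URL; scheme-less text like www.x.com is accepted."""
    url = url.strip()
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

class AnchorCollector(HTMLParser):
    """Collects (visible_text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html_body):
    """Return [(text, href, reasons)] for anchors whose text and target disagree."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        real = host_of(href)
        checks = {"host-mismatch": bool(URLISH.match(text)) and host_of(text) != real,
                  "ip-literal-host": bool(IPV4.match(real))}
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings.append((text, href, reasons))
    return findings
```

The host comparison is exact, so legitimate mail that routes links through a click-tracking redirector will also be flagged; treat the result as a triage signal rather than a verdict.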
This is not the first email scam designed to bilk users of sensitive information. In July 2003, the Webber Trojan disguised itself as correspondence from reputable banking entities Wells Fargo, Citibank, and E-Loan in an attempt to install a remotely accessible backdoor on the victim's machine. Nor is it the first email scam to target eBay customers. In fact, this latest rendition mimics earlier scams that used many of these same tactics to gain valuable credit card and banking account data from unsuspecting members.