Ebay users beware..!!!

[Tony F]

Evening all....just a heads up for you Ebay users....I've been on the phone with them for 2 hours tonight regarding an e-mail I received from "Ebay" It said My bid was unsuccessful and listed my max bid and to please try again. This email looked genuine. I am aware that spoof emails do not have personal details in them and are just addressed to "Dear User" I haven't been on Ebay all day so had no chance to bid on anything....let alone a tanning sprayer..

This one was different...It had my user name AND my personal name.....sound genuine ? No it wasn't...I spoke to Ebay's account security and they said it's highly unusual and it did not come from them...It even had an Ebay senders ID. If you get an email from Ebay...please be wary and if you think it's a spoof then report it.

Just to make people aware who may not know.....Ebay emails are only genuine if they go to your personal email address AND your Ebay message inbox.

All the best

Tony

[john melia 1]

Thanks tony

[Robin Kearney]

Interesting, thanks for sharing Tony. May I ask if you use the same username and full name on any other sites? That is a common tactic, if you break into some site, grab the user list the use it to make your phishing emails genuine.

If you don't use the username elsewhere then I suspect eBay have leaked some data and are just not being truthful, there are various anecdotal accounts of large sites having leaks but not coming clean.

the from address of the email is the easiest thing in the world to fake, one reason you should never trust who an email says it is from.

r.

[Tony F]

Sadly Rob...I'm one of millions who use the same username across sites.....I'm in the process of rectifying this ASAP

Tony

[Robin Kearney]

Tony, one trick I use is to have site specific email addresses, a lot of email companies these days let you create aliases on the fly, so you don't have to actually pre-warn your email provider of a new alias. This way I know if I receive email to a specific address I know which site had leaked the data.

Gmail have a page explaining how they do it here, I think others do it in a similar way. So you could, for example use [email protected] (assuming your main address is [email protected]) to sign up for your account for this site and so on. At least you know who lost your data if spam turns up addresses to such an address

r.

[John Privett]

Similarly, Robin, I have unlimited different email addresses on a domain name I own. So each company/organisation I deal with gets a unique email address closely related to that organisation.

Slight downside to this is that spammers often invent new email addresses to send to and recently I've received quite a few junk emails to bizarre addresses - eg. c212afhse@<my domain name>. Even more bizzarely they usually address my by that name in the text of the email - Dear c212afhse, r-i-g-h-t..... so I really believe that is addressed to me by someone who isn't spamming?

And the source of other spam is interesting. A lot of my spam gets sent to the address I gave to Monarch airlines. And a fair bit to the one I gave to Halfords...

[Engine Doctor]

I have had that in the past . Checked my e-bay mail box and no matching message . I reported it to e-bay but dont know what they do about it , if anything. I have also had spoof Paypal messages . Always check you account and never respond to an e-mail .