Urban Legends Reference Pages: Inboxer Rebellion (eBay)






eBay

Claim:   Auction site eBay is sending out suspension notices via e-mail and asking customers to verify their account information.


Status:   False.

Example:   [Collected on the Internet, 2004]

eBay logo

Security
Update
 

 Need
Help?

Official
Notice for all eBay users Dear eBay User,
During our regular udpate and verification of the
accounts, we couldn’t verify your current information.
Either your information has changed or it is incomplete.
As a result, your access to bid or buy on Ebay has
been restricted. To start using your eBay account fully,
please update and verify
your information by clicking below
:

http://www.ebay.com.us:eBayISAPIdllVerifyInformation
Regards, eBay **Please
Do Not Reply To This E-Mail As You Will Not Receive A
Responce**

Copyright
1995-2003 eBay Inc. All Rights Reserved. Designated
trademarks and brands are the property of their respective
owners. Use of this Web site constitutes acceptance of the
eBay User Agreement and Privacy Policy.

Origins:   The eBay auction site has long been popular bait for phishing schemes because many Internet users have Ebay accounts, and thus this type of ruse has a good chance of reeling in some unsuspecting victims.

The eBay phishing scam reproduced above has already been around the block in the same form several times. In this latest version, clicking the link in the body of the message takes the user not to the real eBay web site, but to a counterfeit eBay “Security Update” form. Once a user fills out the phony update form (which asks for personal data such eBay user names and passwords, credit card numbers, and Social Security numbers), the information is collected by the scammers and the user is redirected to another screen which makes it appear as though he was on the real eBay site the whole time.

The coding does a pretty good job obfuscating the URLs the user is actually visiting (passing through pages at both ebay-global.com and while.ws), so even cautious web users might still be fooled. Microsoft recently issued a security update for their Internet Explorer browser intended to eliminate this sort of browser spoofing.

Last updated:   3 February 2004