Security Update  Need Help? Official Notice for all eBay users Dear eBay User, During our regular udpate and verification of the accounts, we couldn't verify your current information. Either your information has changed or it is incomplete. As a result, your access to bid or buy on Ebay has been restricted. To start using your eBay account fully, please update and verify your information by clicking below : http://www.ebay.com.us:eBayISAPIdllVerifyInformation Regards, eBay **Please Do Not Reply To This E-Mail As You Will Not Receive A Responce** Copyright 1995-2003 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.

Origins:   The eBay auction site has long been popular bait for phishing schemes because many Internet users have Ebay accounts, and thus this type of ruse has a good chance of reeling in some unsuspecting victims.

The eBay phishing scam reproduced above has already been around the block in the same form several times. In this latest version, clicking the link in the body of the message takes the user not to the real eBay web site, but to a counterfeit eBay "Security Update" form. Once a user fills out the phony update form (which asks for personal data such eBay user names and passwords, credit card numbers, and Social Security numbers), the information is collected by the scammers and the user is redirected to another screen which makes it appear as though he was on the real eBay site the whole time.

The coding does a pretty good job obfuscating the URLs the user is actually visiting (passing through pages at both ebay-global.com and while.ws), so even cautious web users might still be fooled. Microsoft recently issued a security update for their Internet Explorer browser intended to eliminate this sort of browser spoofing.

Last updated:   3 February 2004