Urban Legends Reference Pages: Inboxer Rebellion (eBay)


Claim:   Auction site eBay is sending out notices requesting that users update their account information.

Status:   False.

Example:   [Collected on the Internet, 2004]

Update Your Account Information
Within 24 Hours

Valued eBay Member,

According to our site policy you will have to confirm that you are the
real owner of the eBay account by completing the following form or else
your account will be suspended within 24 hours for investigations.

Never share your
eBay password to anyone!

Establish your proof of
identity with ID Verify (free of charge) – an easy way to help others
trust you as their trading partner. The process takes about 5 minutes to
complete and involves updating your eBay information. When you’re
successfully verified, you will receive an ID Verify icon in your feedback profile. Currently,
the service is only available to residents of the United States and U.S.
territories (Puerto Rico, US Virgin Islands and Guam.)


To update your eBay records

Origins:   The eBay auction site has long been popular bait for phishing schemes because many Internet users have eBay accounts, and thus this type of ruse has a good chance of reeling in some unsuspecting victims.

The eBay phishing scam reproduced above has already been around the block in similar form several times. In this latest version, clicking the “update your eBay records” link in the body of the message takes the user not to the real eBay web site, but to a counterfeit eBay “Account Activation” login screen hosted on a Korean web site.

However, this application appears to be more sophisticated than other phishing schemes, capable of polling eBay to determine whether entered account information is correct. The phony eBay login screen returns an error message if an invalid eBay login/password combination is entered, but if a valid combination is entered, the user is taken to another “Account Activation” screen and prompted to enter a wealth of sensitive personal data (address info, credit card info, checking account info). Once a user fills out and submits the phony activation form, a “You have successfully reactivated your eBay accout!” [sic] message is displayed, and the user is redirected to a legitimate eBay login screen to make it appear he was on the real eBay site the whole time. Meanwhile, the scammers have harvested a bonanza of useful financial data from their unsuspecting victim.

Last updated:   1 March 2004