eBay request: Please follow the Member Verification Procedure (Second Notice)
Dear eBay Member,
Due to recent account takeovers and unauthorized listings, eBay is introducing a new account verification method. From time to time, randomly selected accounts are subjected to an advanced verification process based on our merchant accounts/bank relations and customers credit card. eBay may also request in an email message scanned/faxed copies of one or more photo ID's. Your account confirmation may go wrong if your credit card/bank account is expired, or if you have changed your credit card number, billing address etc. without letting us know about the change.
Subject of this verification process are also the accounts that have unpaid dues to eBay.
Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.
That's the email I got tonight for YAPS (Yet Another Phishing Scam). In fact I'm creating a new category for the news using the "YAPS" term. The sad thing is, even though the scam phishing site checks for a "valid" credit card, the URL is oh so not ebay.com. Yet would you believe folks still fall for this? Even a single person who falls for such a scam will provide the desire for these crooks to continue operating. Spread the word! Learn about the truth in fake sites and how authentic portals like eBay operate -- they don't send out such emails.
The email continues in bold:
Note: If this is the second time you receive this notice, it might be because you have made a mistake when you entered your details or that the account was not updated at all.
Its signed:
Respectfully,
Trust and Safety Department
eBay Inc.
Visually the link its supposed to send me to is
http://signin.ebay.com/ws/eBayISAPI.dll?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType
But rather it takes me here (don't visit it!):
http://www.ssgps.edu.hk/.asp/index.php?MfcISAPICommand=SignInFPP
For so interests of security curiosity, here is what the page renders as (click all image to enlarge):
Now tell me, does that really really appear to be eBay. I've seen more
sophisticated scam sites. This particular is a real sham diggity. For reference here is the email:
The email gets routed from vsl.mlps.hlc.edu.tw ([210.240.84.68]). Pretty sad "deception". But lets remember, if these things aren't made publicly available, then there is always the slightest chance someone will fall victim. If we can stop that from happening, then we've empowered just one more person.
