It's more than just eBay. The scammers have counterfeit pages for AOL, Earthlink, etc.
From Steve Bass's (of PCWorld) newsletter:
Steve Bass's Home Office Newsletter
February 5th, 2003
Caution! It's an E-Mail Impersonator
Get ready, kids, you may be hit with some questionable e-mail from doofuses using decent imitations of pages from AOL, EarthLink, EBay, Yahoo, and other well-known sites, and asking you for credit card numbers and passwords. These finaglers are trying to take advantage of us, and unfortunately, they often succeed. (As suspicious as I am, I was almost duped, for goodness' sake.)
This week I'll give you the details on a few fake e-mails; in my next newsletter I'll talk about how to recognize these hoaxes and avoid being taken in by them. Buckle up your seatbelts, it's going to be a rough ride.
I Need to Verify Your Password
Right, and you also want my credit card number, mother's maiden name, driver's license, and social security number? That's what my mother was asked for in a recent e-mail from an AOL impersonator. Here's a screen capture of the message she received:
http://www.snurl.com/aolletter
When she clicked the link provided in the e-mail, she faced a form that looked real:
http://www.snurl.com/aolcc
The link was actually pointing to an elaborately designed counterfeit. Some links on the main page, say, Help and Privacy Policy, went to legit AOL pages. But fill in the forms and the data went to the impersonator's online database.
AOL's Nicholas J. Graham told me, "AOL has one easy, simple online 'golden rule': We will never, ever ask our members via e-mail or a Web page for their password or billing information." Graham went on to explain that, "If you get contacted by someone who purports to be AOL or get taken to a Web page that looks and feels like AOL--don't be fooled: it's not." He asked that instead of just deleting the e-mail containing the scam, "report it to us at TOSReports@aol.com or call 888/265-8004; once we're made aware of it, we can take action to have the fake AOL Web page removed so no other members are affected by it."
Take a Break: Lucky PCWorld.com staffers went to January's humongous Consumer Electronics Show and boy did they see some dazzlers. For our take on the best, worst, and most bizarre products of the show, read "CES 2003: Picks and Pans," at:
http://www.pcworld.com/news/article/0,aid,108424,tk,sbx,00.asp
A Week of Strange E-Mail
It gets worse: In less than a week, I received two e-mail come-ons, both with links to marvelous reproductions of real sites.
The first message was allegedly from EBay asking me to reenter my password and credit card info. The message went on to say,
"If you think you have received this e-mail as an error, please visit our website and fill out the neccesary [sic] information. That way we can make sure that everything is up to date! Again here is the link to our website.
Ebay Billing Center
Rep ID. 32A"
The impersonator provided a convenient link to a page that looked amazingly real:
http://snurl.com/ebayscam
EBay's Kevin Pursglove said, "We are aware of these so called 'spoof' Web sites. Apparently, they are popping up throughout the Web. The people behind these spoof sites attempt to collect personal information such as bank account or credit card numbers from Web users." He went on to say that EBay "frequently posts announcements on the EBay site to alert the EBay community about this practice, including alerts in administrative e-mails."
BTW, some EBay swindlers get nailed. Take a sec and read how one guy went after a rip-off artist. "Victim Busts Alleged EBay Swindler" is a good story and a quick read:
http://www.pcworld.com/news/article/0,aid,108055,tk,sbx,00.asp
More to Fret Over
The next missive looked like it was from my ISP, EarthLink--this was the one that had me going. I have more than a hundred messages to scan each morning; this one almost fooled me because the Admin@corp.earthlink.net address on the bottom caught my eye, and the spoofed "From: securityadmin@earthlink.net" return address had a ring of authenticity. What the scammers wanted was my EarthLink password:
"To: Undisclosed Recipients
From: securityadmin@earthlink.net
Subject: Important information reguarding [sic] your Secure Earthlink Mail!
Dear Valued earthlink member,
We have noticed that you have not been reading your Secure ELN Mail. This is a new feature we have recently added to our system, and have been sending important account information to your Secure Earthlink Mail! Please be advised that we need you to log into your Secure Mail within the next 72 hours to keep the Secure Account information in our database.
Below is the site to log into your account HERE, or if your EMail client doesn't support HTML You may go to HERE. Thank you for your time on this matter
admin@corp.earthlink.net"
EarthLink's chief privacy officer, Les Seagraves, said that "Anyone can forge the 'from' line of an e-mail to make it appear as if the message came from someone else, so we urge subscribers to always be wary of e-mail or unsolicited phone calls asking for their password or other personal information."
Seagraves also reiterated what you've heard before: "EarthLink would never send out correspondence asking subscribers to tell us their passwords. ... We recommend that consumers never reveal their password unless they have initiated the call to their ISP and know they are talking with the appropriate service or support representative."
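Seagraves's point that the "From" line can be forged, together with the mix of legitimate and counterfeit links described for the AOL page, can be checked mechanically. The following is an added example, not part of the newsletter or the original post: a Python check run over a constructed message modeled on the EarthLink e-mail. The Return-Path value and the `.example` hosts are assumptions; the quoted message does not show them.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modeled on the quoted EarthLink message; the Return-Path
# and the .example hosts are placeholders, not values from the real e-mail.
SAMPLE = """\
Return-Path: <bulk@mailer.example>
From: securityadmin@earthlink.net
To: Undisclosed Recipients
Subject: Important information
Content-Type: text/html; charset="us-ascii"

<html><body><p>Log into your account
<a href="http://secure-mail.example/login">HERE</a>.
See our <a href="http://www.earthlink.net/privacy">Privacy Policy</a>.</p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def domain_of(header):
    # The header is free text chosen by the sender; only the domain is taken.
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def in_domain(host, domain):
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def review(raw):
    """Return findings where the message contradicts its own From line."""
    msg = message_from_string(raw)
    claimed, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = []
    if envelope and not in_domain(envelope, claimed):
        findings.append(f"From claims {claimed} but Return-Path is {envelope}")
    collector = LinkCollector()
    collector.feed(msg.get_payload(decode=True).decode("ascii", "replace"))
    for host in (urlparse(h).hostname for h in collector.hrefs):
        if not in_domain(host, claimed):
            findings.append(f"link leaves {claimed}: {host}")
    return findings
```

A mismatch is a warning sign, but a match proves nothing: the envelope sender behind Return-Path is also chosen by whoever sends the message, and one genuine link in the body does not vouch for the others.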