Anyways the email is 100% authentic lookalike as a real ebay email would look. It says that the credit card on file was attempted to be charged but was declined, please update your card etc… it gives a long URL which has something like “cgi…ebay.com” etc but when you click the link it takes you to some obvious non-ebay URL. The page also looks 100% authentic as an ebay login page would.
All of this looked so good, I’m not convinced it’s a scam. Will someone look into it?
Recently we attempted to authorize payment from your credit card we have on file for you, but it was declined.
For security purposes, our system automatically removes credit card information from an account when there is a problem or the card expires.
Please resubmit the credit card, and provide us with new and complete information. To resubmit credit card information via our secure server, click the following link:
What I did was I typed in random letters for username and password and it proceeded to the credit card update page. I did not fill out a single form, I just clicked submit and it brought me to the final page saying:
Form Submission successful
Thank you for updating your information.
Back to Homepage
I have already contacted ebay about this thing. I think I may have saved a lot of people heartache and money.
On a slight hijack, a friend and I both got something similar claiming to be from “paysecurity” at paypal. It asks you to confirm your credit card number and details in a form in the email for security reasons.
We looked through the source for it before replying. The catch was that although all the email addresses supplied appeared to go to paypal, the cgi script it activated didn’t. It seems to go to the same domain as your ebay scam letter above.
We’ve contacted paypal about this and were told they were taking action. Has anyone else received one of these, or anything similar?
Forget this business about the “@” symbol. The text you see might have nothing in common with where the link takes you! Guess what happens if you click here: http://www.yahoo.com
This is because the text shown is not necessarily the address that you go to. If you have your “status bar” showing, then it might show you that this link really goes to Google, but very often people just click without looking at the status bar, or (especially in email) the status bar isn’t showing.
Whenever I’m suspicious, I try to do a right-click and then check out the Properties of the link.
It has come to our attention that your ebay Billing information’s records are out of date.
“The records belonging to the Billing information”?
thats require update your billing information’s
First word not capitalized. My billing informations what? (Possessive.)
If you could please take 5-10 minutes out of your online experience and update.
Sentence fragment. (A comma would make it a sentence, but it would be an awkward one for an official e-mail.)
Once you have updated your account records your ebay session will not be interrupted and will continue as normal.
Poor syntax.
Marry Kimmel
Marry? Why would I want to marry this Kimmel person?
I did not click on any of the links, but right-clicked to find out what they were. Not eBay. eBay confirmed that this is spam and said they would “take appropriate action”. Since this was an obvious attempt at credit fraud, I filed an official complaint with the FBI.
As for the OP, I received that e-mail but the bonehead couldn’t be bothered to get his HTML right. This is how it looks (trimmed):
<html><font color="white">qjcs ohusilzk jiufhi <br><font color="black">
<table width="73%" height="307">
<td height="18">Recently we attempted to authorize payment from your credit
card we have on file for you, but it was declined.</td>
Hahahahahahaha! Oh, yeah. I’m going to believe that came from eBay!
Incorrect. http://xxx:yyy@example.org is a valid format that can be used to access some password-protected addresses. However, this puts the username/password (the xxx:yyy part) in plaintext across the 'net…not good. There are other issues involved as well, but an @ in a URL does not automatically make it fake - highly suspicious, yes, but not necessarily a scam - the important part is after the @ sign (as noted by other posters).
Also, it looks like the scam site has been deleted - all you get now is “The page you were trying to access was not found or **has been deleted for terms violation**” (bolding mine) - doggone quick work, I must say.
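
The two checks discussed in this thread (link text that names a different host than the link's real target, and a URL whose real host sits after an "@") can be automated. The sketch below is an added example, not code from any poster; the sample HTML, the `.example` hostnames and the names `LinkAuditor` and `audit_links` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: link 1 shows one host but targets another, link 2 hides
# the real host behind a userinfo "@" prefix, link 3 is consistent.
SAMPLE_HTML = """
<p>Resubmit: <a href="http://billing.example.net/update">http://cgi.ebay.example/update</a></p>
<p><a href="http://cgi.ebay.example@login.example.net/signin">Sign in</a></p>
<p><a href="https://help.example.org/faq">https://help.example.org/faq</a></p>
"""

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return (href, real_host, findings) for each suspicious link."""
    parser = LinkAuditor()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        target = urlsplit(href)
        host = (target.hostname or "").lower()  # the part after any "@"
        findings = []
        if target.username is not None:
            findings.append("userinfo-before-@")
        # Compare hosts only when the visible text itself looks like a URL.
        shown_host = ""
        if text and not any(c.isspace() for c in text):
            shown = urlsplit(text if "://" in text else "//" + text)
            shown_host = (shown.hostname or "").lower()
        if "." in shown_host and shown_host != host:
            findings.append("text-host-mismatch")
        if findings:
            report.append((href, host, findings))
    return report

if __name__ == "__main__":
    for href, host, findings in audit_links(SAMPLE_HTML):
        print(f"{host:22} {','.join(findings):20} {href}")
```

The second column of the output is the host the browser would actually contact, which is the same thing the right-click Properties check reveals by hand.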