The last two days I’ve received e-mails from e-bay asking me to follow a particular link because I forgot my password and I need to get a new one.
Except. I didn’t ask for a new password from ebay.
The requests came from the same IP address and ISP host. And it wasn’t my ISP.
So … Does this sound a bit ominous? Or is it just somebody trying to get a new identity on ebay?
Email an admin at E-Bay and ask them, it might just possibly be an error on their part. If it’s not, they have resources to bring the hammer down on whoever’s trying to get your info.
Tracking down an admin at ebay seems to be quite a chore from what I can tell from their website.
Check the headers against those in your original confirmation email.
It really doesn’t sound like something e-bay would do.
Try logging onto ebay and seeing if you can find an abuse@ebay type link.
Thanks for the help. I did finally find a place to email my concern.
I can still log on to ebay using my ID and password. The odd thing is that I don’t use ebay. I have purchased one item from it and that was last year. I haven’t been to the site recently.
This is called Password Phishing. Do not respond to phishers. They’re trying to steal your password. Check the origination of any message asking for your password. No online service would ever ask for your password by email, or send email asking for you to log on and enter your password. Why would they ask for it? They already know it. No, they never lose your password.
A classic example: I have an account at excite.com. Someone sent me a mail asking me to log into a web page to sign back in again. Except the page wasn’t excite.com, it was something like excite.bogussite.com. That’s definitely NOT excite.com, it’s a subdomain of bogussite.com.
Any malicious hacker can pull this stunt off. They use it to attract you and get you to give up your password. Then they collect it, usually they use it for spamming… like sending spam messages in YOUR name. Or worse.
So, it’s likely that these weren’t messages from ebay, but ones that were made to look like they were from ebay?
I haven’t responded to them. They don’t ask me to enter a password, but instead direct me to a link where I can change it. The link does appear to go to ebay.
Something seems funny here. Perhaps ebay will enlighten me.
eBay has a division called SafeHarbor that investigates frauds like this. You can submit a report from this page, and they will handle it from there.
Yeah, that sounds like a classic trick. It’s called a “login emulator.”
With a login emulator, you would first hit the ebay.bogussite.com, which has a faked ebay.com page on it. You log in and it looks like you’re logging in normally. Except bogussite.com records your username and password, and then you get forwarded to the real ebay.com. It looks legit, you can hardly tell the difference when you switch to the real site.
Send a mail to eBay security as Fear suggested. If they don’t know about this guy, they should.
Maybe a hack, maybe not.
When you forget your password at E-bay, they give you a link to a page. When you get there, they don’t ask for the password; they ask a couple of questions that only you should know (you entered these when you signed up).
If you get to that page, then you’re talking to e-bay. So there are two possibilities:
Someone is trying to hack into your account. This is a particularly stupid way of doing it, however, since they’d never get the information they needed.
Someone forgot his password and has been entering the wrong e-mail address. This is also stupid.
So Hanlon’s Razor (“Never attribute to malice that which can be adquately explained by stupidity.”) would seem to apply. 
Another possiblity (hey, dig me looking on the bright side of a situation) is that someone has innocently mistaken your logon ID for their own and is legitimately trying to get back into their own account.
I’ve had situations similar to this where I’ve gone to sign up for, say, a new e-mail account. I gave it my usual first-choice user name as part of signing up and it choked, saying somebody was already using it. Well, to save myself the trouble of starting anew, I’ll try logging in using that name and the two or three “usual” passwords I keep going at any one time. If those fail, I’ve been known to throw caution to the wind and have the service e-mail me my password or my secret question or whatever. To date, none of these requests have failed to come back to me, but I can certainly see the possibility.
Either way, you definitely are doing the right thing to be cautious, BobT.
Stupidity could be a factor. I get a lot of e-mails sent to me by people who think that I am someone else.
They don’t seem to realize that my name isn’t Barbara, because that’s who’s getting the messages. I never reply to those e-mails to tell them they have a wrong address. I just figure that it’s easier to let everyone figure out when no one responds.
One time someone ended up e-mailing me their airline itinerary because they put in the wrong address.
My office phone is very similar to that of the local town court. A couple of times I got calls from people who left a message that they wouldn’t be able to make it to their trial. They left no phone number.
I don’t think they’ll make that mistake again.
Quoth RealityChuck:
Three possibilities, actually. Consider this: Phisher knows your ebay user name, and tries to long in as you and hits the button saying that he’s forgotten your password. Phisher now sees your special question. Phisher then sets the login emulator to ask you your question, and e-mails you. You answer the question, thinking it’s ebay, and phisher now knows the answer to your special question. Phisher uses that answer to get your password, and login emulator forwards you on to ebay.
Of course, this entire process could be automated. Phisher himself would probably never even open up his browser.
I think I accidentally do that once a month or so to someone. I tried to register at http://www.thesims.com with my usual name, Ariadne, but someone already had it. So I used a different name. Now, every time that cookie gets deleted, I somehow forget that my login name isn’t Ariadne there and request that Ariadne be sent her password. Whoever actually has that login name must wonder what is going on when her password is sent to her so often.
Oh well, at least thesims is not a really important site. I can see why you’d be worried about an ebay password though, but I bet the person is just absent-minded.
this was an AOL scam some time ago. Basically you would get an email stating your account needs to be updates, click this link to update. When you did you are directed to enter your master screen name, password, and credit card info or checking account number and routing number along with a check off list of that ansi? character next to your account # on your checks.
You would need to find the complete header of the email to find out who really sent it.
As k2dave said its really an old AOL scam. I almost fell for it once too.
I would visit the web site it takes you to, then do a WHOIS (you can find a cool whois: redshift.com) & contact the people who own the web site so they can take it off. It probably already has been.
I would like to thank everyone for their advice.
Ebay did get back to me. They investigated the problem and determined that it was someone who was mistyping their user name and I was getting the e-mail to change the password by mistake.