I’ve received a few e-mails with the title “Re: Question for seller – Item 765432109”, where “765432109” is a random, invalid, eBay item number. (I’ve noticed that the number usually starts with a higher digit, such as 7, 8 or 9, than actual item numbers which seem to start with 3.) It looks like a legitimate response to a question, and I do ask sellers questions on eBay; but the item description is not something about which I’ve asked, and the user ID of the person who asked the question is not mine.
The item description is cgi.ebay.com /ws/eBayISAPI.dll? ViewItem&item=932324404 (“http” removed and spaces inserted so that it wouldn’t be an active link), but the url is 66.169.74.16:9092 /ws/eBayISAPI.dll&ViewItem&item=8360455404 &category=99406.html (similar edits).
I use Netscape for my e-mail. At the bottom of the e-mail is a Netscape icon: A page with the upper-right corner folded down, a pink triangle in the lower-left corner, and a green diamond and blue square between the fold and the triangle. IIRC, this is the “image not found” icon; but I’ve given up using Netscape for browsing because many pages crash it. There is no link on this icon. When I right-click on it, there are no actions that one would expect with a picture (e.g., “Properties”).
There are no attachments that I can see.
Is there something hidden in the e-mail that activates when I read it? My Norton Anti-Virus program (with Live Update) has not detected anything. Or is the spoofed URL the point of the e-mail? That is, do they expect a person who receives this to say to himself “Hm. I didn’t bid on this. I haven’t even looked at any snowmobiles [or whatever – J.L.A.]. Gee, I’d better click on this link to see what it is!”? Is the URL to a virus? Or is it a sales spam? (No, I’m not clicking on it.)
I have gotten one of these, too, although the item number on mine was actually valid. Out of curiosity, I just looked up the domain that corresponds to the IP address contained in that link in your email, and it is in a block belonging to Charter Communications, an ISP - not eBay. My guess is the same as your own conclusion: it’s spam trying to get you to click on that link. I’d forward the email messages to spoof@ebay.com, then delete 'em.
Ain’t spam grand!
Tiny disclaimer: I’m an editor, not a net guru. It is entirely likely that someone with more sophisticated knowledge will squash my advice like the fragile flower that it is.
It’s actually a garden-variety “phishing” scam. The point of the initial e-mail is to scare you into clicking the link without looking too hard at the e-mail. They are usually riddled with grammatical errors, but the real tipoff is that the link doesn’t actually go to eBay. When you click the link, you are actually taken to another website that has a look-alike page asking you to “confirm” your eBay signon and account information. This information is then harvested for fraud. You can tell by cutting and pasting the link address into Notepad or something. You’ll see two URLs “strung together” with the @ symbol: the fake eBay one and the real on you are redirected to.
But the substance of the previous warnings is correct. Delete it. If you are worried about your eBay account status, you can close the e-mail, open your browser, go to eBay manually, and sign in.
I forwarded the message to spoof@ebay.com and received a quick reply:
Since I knew that I didn’t need the things (in the latest case, a snowmobile) I knew right away that it was some sort of scam. I always delete these as soon as I recognize them. Actually, I delete them from my web-based spam blocker before I ever let them into my mailbox. But I missed the item number this time. I did not click on the link; but since it was in my mailbox I decided to right-click on it to find out where it was going. Nope, not eBay.
Just to make sure everyone is clear: There is a reason I made the links un-clickable. If the idea of the e-mail was to get an unsuspecting person to click the link, it’s not a good idea to click on it in a message board. Do NOT copy-and-paste it to see where it goes!