What's the scam with these eBay e-mails

About once a week I’ll get an e-mail claiming to be from eBay, or eBay.co.uk, or both, containing a message supposedly addressed to someone else. The e-mail always contains a message from a buyer or seller, something like “Does the laptop you are selling have a 20 or 40 gig hard drive,” “I’ve paid for my laptop, where is the bloody thing,” or “be a good bloke and pay me for the laptop you’ve submitted the winning bid on.”

The e-mails contain things such as item numbers, product descriptions and the like, although none of them seem to check out (ie the item nuber doesn’t exist, doesn’t mach the description, etc.) They contain HTML, and I am using a text-only client, so they get a bit scrambled. Are these a result of actual errors on eBays’ part? If not, what’s the scam? What is the response the scammers are trying to provoke from me? I can provide the most recent of these emails if anyone wants to see it.

Have you submitted them to Ebay’s security group? I would think they would be interested in seeing them whether they are fraudulant or not…

They might have a link to “eBay” which is a spoof site just to get your username and password. Once they get those, they can use your account with good feedback to scam people.

I get those emails. If you look carefully at the links that they want you to click on, you’ll see that they don’t actually go to the eBay Web site. I would venture a guess that the actual link target is a phishing site, which will look exactly like an eBay login screen. When you enter your login information, it gives them complete access to your eBay account.

well plenty of laptops get sold via ebay, maybe they are hoping to intercept a payment for a laptop they didnt sell or get someone to send a laptop they didn’t pay for. I know I have had an occasional chaotic sale day on ebay with 5-6 similar items closing within a few hours, something like this could throw you if you are not careful.

Yeah, it’s a scam. I get about two of those a week.

They look a lot like real “Message to eBay” or “Message to Seller” messages, including real links to the actual images hosted by eBay for use in those very same HTML mailings.

The kicker is in the critical link for those messages – usually the item number (for eBay scams) or the dispute panel (for PayPal scams). The URL is usually formatted like “www.ebay.com-somesite.info” or “www.paypal.com-somesite.info” (.info domains being easy, cheap and disposable) Rank neophites will often overlook (or will not be aware of) the fact that the domain parsing does not stop at the “.com”

The offending site will usually be drawn up to look just like the eBay or PayPal login screen, except of course that its scripts will simply record your login and password for use by the scum puppies that set the scam up.

Forward any fake eBay emails to spoof@ebay.com and they’ll investigate. I’ve had good luck with this process.

You might want to read The Powerbook Prank, a somewhat famous internet tome. Bit long, but it reads like a spy novel! :smiley:

When you forward the e-mail to spoof@ebay.com, be sure to include the full headers so that eBay can trace the origin of the fake e-mail.

I tested it out with a spoof account and realised that once I logged into the phishing site with my login/password, I was redirected to my real E-bay account.
So the bad guys get your details and you never ever realise that you’ve been had.

Smart. They record your login information, then immediately pass it along to the eBay script to log you into your real eBay account.

It’s amazing that they can work all of this out, yet they still can’t spell worth a damn.

I once logged onto a scam ebay site using f***you as my user name and password. And it worked!