[Site Home] [Forum Home] [Articles] [File DB] [News Archives]

Networks/Telecom/Security -> password change ebay scam


(View original topic)


Red Squirrel - Jan-02-2006 server time
Haha must be. Even the viagra people are getting a bit better. I actually saw the entire word viagra spelled correctly in a couple emails. I was like, WOW. Problem with this bad spelling, it buts such a load on my server since I have a bunch of sophisticated regex rules to try and match every possibility.

alienz - Jan-01-2006 server time
they must be using spell checkers now.

Red Squirrel - Nov-05-2005 server time
QUOTE

Hello,

Thank you for writing to eBay regarding the email you received.

Emails such as this, commonly referred to as "spoof" or "phished"
messages, are sent in an attempt to collect sensitive personal or
financial information from the recipients.

The email you reported was not sent by eBay. We have reported this email
to the appropriate authorities.

[...]



Red Squirrel - Nov-04-2005 server time
Haha yeah, usually these people can't spell worth crap, even *I* can spel better than them at teh english.

Chris Vogel - Nov-04-2005 server time
Thank you for the warning, Red! smile.gif

I can’t get over how good the English is!

Red Squirrel - Nov-04-2005 server time
There's tons of these, don't fall for them!

here's the latest. I reported them.

Oh and for those interested this is the email headers:

CODE

Return-Path: <account@ebay.com>
X-Original-To: email_webmaster@localhost
Delivered-To: email_webmaster@localhost.iceteks.com
Received: from localhost (localhost.localdomain [127.0.0.1])
by local.iceteks.com (Postfix) with ESMTP id A7783EC05E
for <email_webmaster@localhost>; Fri,  4 Nov 2005 18:45:12 -0500 (EST)
Envelope-to: webmaster@iceteks.com
Delivery-date: Fri, 04 Nov 2005 17:39:51 -0600
Received: from iceteks.com [67.15.18.51]
by localhost with POP3 (fetchmail-6.2.5)
for email_webmaster@localhost (single-drop); Fri, 04 Nov 2005 18:45:12 -0500 (EST)
Received: from [195.222.52.2] (helo=192.168.1.247)
by curd.lolerskates.com with smtp (Exim 4.52)
id 1EYB9x-0002Te-7H
for webmaster@iceteks.com; Fri, 04 Nov 2005 17:39:50 -0600
Received: from 184.180.249.15 by; Fri, 04 Nov 2005 22:28:30 -0100
Message-ID: <IXSTLJVBRIZPOKFVIGXIYT@verizon.net>
From: "eBay Online Account" <account@ebay.com>
Reply-To: "eBay Online Account" <account@ebay.com>
To: webmaster@iceteks.com
Subject: IMPORTANT: Change Your Password
Date: Sat, 05 Nov 2005 05:19:30 +0600
X-Mailer: MIME-tools 5.503 (Entity 5.501)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--04260617651351902536"
X-Priority: 1
X-MSMail-Priority: High
X-Antivirus-Scanner: Email found to be virus free
X-Virus-Status: No
X-Virus-Checker-Version: clamassassin 1.2.2 with clamscan / ClamAV 0.85.1/1162/Thu Nov  3 12:15:03 2005
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on borg
X-Spam-Level:
X-Spam-Status: No, score=-83.9 required=4.0 tests=BAYES_99,HTML_80_90,
HTML_MESSAGE,HTML_TAG_EXIST_TBODY,MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY,
MIME_HTML_ONLY_MULTI,MIME_QP_LONG_LINE,MISSING_MIMEOLE,MPART_ALT_DIFF,
MSGID_SPAM_CAPS,USER_IN_WHITELIST autolearn=no version=3.0.4
X-Spam-Report:
*  4.1 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
*  3.8 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
* -100 USER_IN_WHITELIST From: address is in the user's white-list
*  0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
*  0.1 HTML_TAG_EXIST_TBODY BODY: HTML has "tbody" tag
*  1.3 HTML_MESSAGE BODY: HTML included in message
*  0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
*  3.9 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
*      [score: 1.0000]
*  0.2 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars
*  2.4 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts
*  0.0 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
X-IMAPbase: 1115582092 876 NonJunk
Status: O
X-UID: 876
Content-Length: 4792
X-Keywords:                                                                                                    

----04260617651351902536
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

(Showing 50 last posts, newest on top)