[thelist] phony ebay scam? Security of info on the web

Tom Dell'Aringa pixelmech at yahoo.com
Mon Feb 24 13:45:48 CST 2003


I probably will owe a tip for this, but I am wondering about how this
was done development wise.

My in-laws got this message which is apparently bogus - and had a
real hard time figuring out why they got it since their card was
good. The scary thing about this message is their name is correct,
and I think the 4 digits showing on the cc are correct.

How could someone get this info off the ebay servers if it is
encrypted? I guess ebay is getting calls all day about this. I looked
over the email, and aside from 1 or 2 grammar things it looks totally
legit. I thought maybe the cgi3.ebay links were phony, but they
appear to be valid - if you click on it you are asked to log in. What
does this say about security on the web!

Heres the email:
==================================================================
> *******Please Do Not Reply To This E-Mail As You Will Not Receive a
Response*******
> Customer Account:    E26093264001-USD <-- this is probably fake
> Customer Name:       ##their real name was here##
> Credit Card Account: 5555-XXXX-XXXX-XXXX  <--the #s here were right
> Payment Due:         $49.09
>
>
> Dear ##Their Name##:
>
> We are writing to alert you that your balance is still not paid,
because
your debit/credit card declined eBay's second attempt to charge to
your
card. There are only a few days left to make payment before the end
of your
billing cycle. If your account becomes past due, it will be blocked
from
additional bids or listings.
>
> Your payment for your invoice amount is still due. You can make
payment by
check, money order or by submitting a one-time credit card payment
request.
Please use the links below:
>
> To view your account balance:
> http://cgi3.ebay.com/ws/eBayISAPI.dll?ViewAccountStatus
>
> To make a payment now go to:
> http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?PayCouponShow
>
> If you want to review or update your credit card billing
information, or
place a different card on file for eBay billing, please use the link
below:
> https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo
>
> Several factors outside of eBay's control may have caused your card
to
decline. We can suggest:
> * Confirm that the credit card number and expiration date that you
have on
file with eBay are accurate and up to date.
> * Contact your card-issuing bank and confirm with the card issuer
that:
> * your card account is in good standing;
> * adequate credit is available on the account to accept the charge;
> * the account does not have a internet/phone order block; and
> * if the account is new, the account has been activated.
> * If you have a debit or check card on file, please remember that
these
cards may be subject to usage limits set by your bank. Contact your
issuing
bank to determine if there are daily and/or transaction limits or any
other
restrictions that may cause your card to decline.
>
> Your prompt attention to this matter is greatly appreciated.
>
> Thank you,
>
> eBay Customer Accounts
========================================================

If this does turn out to be fake its pretty disturbing. They did
cancel their CC however.

Tom
(I owe one)


=====
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
http://www.pixelmech.com/
var me = tom.pixelmech.webDeveloper();

http://www.maccaws.com/
[Making A Commercial Case for Adopting Web Standards]

__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/



More information about the thelist mailing list