[thelist] phony ebay scam? Security of info on the web

Tom Dell'Aringa pixelmech at yahoo.com
Mon Feb 24 13:45:48 CST 2003

I probably will owe a tip for this, but I am wondering about how this
was done development-wise.

My in-laws got this message which is apparently bogus - and had a
real hard time figuring out why they got it since their card was
good. The scary thing about this message is their name is correct,
and I think the 4 digits showing on the cc are correct.

How could someone get this info off the ebay servers if it is
encrypted? I guess ebay is getting calls all day about this. I looked
over the email, and aside from 1 or 2 grammar things it looks totally
legit. I thought maybe the cgi3.ebay links were phony, but they
appear to be valid - if you click on it you are asked to log in. What
does this say about security on the web!

Here's the email:
> *******Please Do Not Reply To This E-Mail As You Will Not Receive a
> Customer Account:    E26093264001-USD <-- this is probably fake
> Customer Name:       ##their real name was here##
> Credit Card Account: 5555-XXXX-XXXX-XXXX  <--the #s here were right
> Payment Due:         $49.09
> Dear ##Their Name##:
> We are writing to alert you that your balance is still not paid,
> your debit/credit card declined eBay's second attempt to charge to
> card. There are only a few days left to make payment before the end
> of your billing cycle. If your account becomes past due, it will be
> blocked additional bids or listings.
> Your payment for your invoice amount is still due. You can make
> payment by check, money order or by submitting a one-time credit
> card payment Please use the links below:
> To view your account balance:
> http://cgi3.ebay.com/ws/eBayISAPI.dll?ViewAccountStatus
> To make a payment now go to:
> http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?PayCouponShow
> If you want to review or update your credit card billing
> information, or place a different card on file for eBay billing,
> please use the link
> https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo
> Several factors outside of eBay's control may have caused your card
> decline. We can suggest:
> * Confirm that the credit card number and expiration date that you
> have on file with eBay are accurate and up to date.
> * Contact your card-issuing bank and confirm with the card issuer
> * your card account is in good standing;
> * adequate credit is available on the account to accept the charge;
> * the account does not have a internet/phone order block; and
> * if the account is new, the account has been activated.
> * If you have a debit or check card on file, please remember that
> cards may be subject to usage limits set by your bank. Contact your
> bank to determine if there are daily and/or transaction limits or any
> restrictions that may cause your card to decline.
> Your prompt attention to this matter is greatly appreciated.
> Thank you,
> eBay Customer Accounts

If this does turn out to be fake, it's pretty disturbing. They did
cancel their CC however.

(I owe one)

var me = tom.pixelmech.webDeveloper();

[Making A Commercial Case for Adopting Web Standards]
