AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Fri Jan 6 2012 17:09:12

eBay and Online Sellers Beware of Spoofs and Mules

By: Ina Steiner

Sponsored Link

The FBI issued an announcement today about spoof emails targeting consumers who do online banking. In it, they also mention unsuspecting mules hired via "work at home" advertisements who end up laundering some of the funds stolen from bank accounts. I wrote about these kinds of scams in 2003, but it's worth a reminder, as it's easy to let one's guard down.

In fact, this week I received an email with InkFrog in the sender line and the subject line, "Your eBay token is invalid-creates a new token!" However, it was a spoof email cleverly executed.

When I opened the email, the from line read, "lnkFrog"<lnkFrog@message.com>" and the body of the message ran:

Dear eBay Seller,
We have detected that your eBay token is invalid. This may interrupt your ability to post listings on eBay and may also prevent your buyers from being able to complete eBay checkout. It is strongly recommended that you create a new token as soon as possible to avoid the interruption of our inkFrog services..

To prevent the activity on your details to remaining interrupted, please update your inkFrog details and create a new eBay token within the next 24 hours.

To complete the procedure, please go in to your inkFrog details by clicking on the "sign in " option below :
http;//inkfrog.com/signin./preference/vid=create_ebay_token?action=validate

Thank you!
Sincerly Yours,
inkFrog Staff.

The scammers spoofed the legitimate InkFrog site, but it could just as easily been any other eBay listing tool they chose to impersonate. (To reiterate, InkFrog is a victim of this spoof, just as eBay, PayPal and banks often are, it is not the perpetrator.)

When I looked at the headers, the email showed it had actually come via "earthlink.net," and hovering over the URL, it showed that if I clicked on the hyperlink, it would actually have taken me to donazione-per-il-giappone.com.

Always be on the lookout for spoof emails - and never click on a link in an email to log in to a secure account!

Pictured above - advice from the FBI website.




Comments (10) | Permalink

Readers Comments

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: SusanT This user has validated their user name.
Web Site

Fri Jan 6 17:29:07 2012

I have always thought it rather odd that every single spoof that I have gotten from both eBay and PayPal in my 10+ years experience have always came from earthlink.net. Not sure if there is a connection there.

When I discovered that earthlink had taken over PeoplePc, I abruptly stopped them. No they did not notify me, but the service kept getting worse and worse. And the spam messages would triple. No matter what I had my security level set at.

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: OhForPetesSake

Fri Jan 6 18:40:48 2012

Some people shouldn't be allowed within a hundred feet of any computer. Those are the ones that just open us anything and everything thinking " Wow someone actually wants to email me "

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: Patricia This user has validated their user name.

Fri Jan 6 20:51:51 2012

It does seem the spoofs are growing by the day.  I delete all of them.  I keep telling people never, ever click on a link in an email and some are just too dense to understand.  My neighbor continually sent me links to see this and that and I always tell here I deleted them...."its from me" she would say....until her friend sent her an email that didn't make much sense to her and she found out her friend's computer had been taken over!  Its amazing how much damage these people can do to themselves because they are simply computer illiterate!

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: dans parts This user has validated their user name.

Fri Jan 6 22:44:13 2012

My mother-in-law is one of those ''trusting'' people like Patricia's neighbor.  And now I've got her new computer and her just replaced one (which is probably perfectly fine) to work on while she is in Florida for the winter to see if I can recover anything from them that is still usable - after the disaster.  All her pictures, all her files (minutes from church meetings, etc) - all gone.

I got more or less the same email ''from'' IF that Ina got, although I will say that the pigeon English that was in hers was NOT in the one I got - the phraseology and context was perfect American English.  Of course, it originated the same place as hers.  Sent Greg an email telling him he better put up the warning flags once again, sigh...

Telling them they shouldn't open links?  Is that like you can lead the horse to water, but...

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: Charlie W. This user has validated their user name.
Web Site

Sat Jan 7 08:09:07 2012

My email client has a feature that allows me to filter (and sort) incoming messages based on many different variables.

I've configured a couple of email filters to look at the ''from'' address as well as a couple of other bits of information that's included in the email header.

For example, one filter uses the following logic:

IF the ''from'' header DOES contain ''paypal.com'' AND the ''domainkey-signature'' header DOES NOT contain ''paypal.com'' THEN move to ''Scams'' folder AND play ''uh-oh.wav''

Another one:

IF the ''from'' header DOES contain ''ebay.com'' AND the ''return-path'' header DOES NOT contain ''ebay.com'' AND the ''reply-to'' header DOES NOT contain ''ebay.com'' AND the ''message-id'' DOES NOT contain ''JavaMail.SYSTEM'' THEN move to ''Scams'' folder AND play ''uh-oh.wav''

Well, that's general idea of how a filter can help to spot the potentially dangerous phishing emails.

The examples above show just one filter for eBay, and one filter for PayPal, but my email client actually has multiple filters with additional checks and comparisons that include other header fields, as well as the content of the message.

This method is not 100% perfect, and you should always be on the lookout, but this greatly reduces the number of fraudulent emails that are delivered directly to my default ''In'' box.

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

This user has validated their user name. by: Siobhan

Sun Jan 8 14:02:53 2012

I've received such ''spoof'' emails, some with ridiculous subject lines like, ''IRS is investigating your...''. Fortunately, I've found them in my spam email and know that they are such and delete without opening.

Yes, that is funny about some folks ought to be kept away from a PC. Are there still people out there who think, ''Wow! Someone sent something to me!'' LOL!

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: Puamelia

Tue Jan 10 01:19:13 2012

My FIL insists on clicking on pop-ups despite our best efforts over the year. He recently believed one that said he had a virus and even put his Visa in. Lost $65. He still can't figure out how they ''knew'' he had a virus. (!!!)

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: Paul A

Tue Jan 10 01:34:51 2012

PayPal, which should be very concerned about spoof emails, continues to send emails with login links in them, making it much more likely that users will fall victim to a similar spoof email.  Just another reason to keep your PayPal balance low and to link PayPal not to any bank account where you regularly have funds, but to a credit union account opened with a $5 deposit, whose only purpose is for use with PayPal.

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: p3orion

Tue Jan 10 12:58:26 2012

You're right that Paypal sends emails with sign-in links.  However, they always address you by name, whereas a spoof email will usually address you as "Paypal user," "Ebay Seller," or something of that sort.

eBay and Online Sellers Beware of Spoofs and Mules   eBay and Online Sellers Beware of Spoofs and Mules

by: mindelec This user has validated their user name.

Tue Jan 10 14:43:59 2012

i've have gotten paypal spoof emails with both my first and last name...

the only sure way to see if there is a problem is to actually go to the site and NEVER click an email link.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.