|Heads up for ebay users.||jaybird|
Dec 11, 2002 11:06 AM
|I thought this might be some good info for all of you ebay junkies. I found the link to this bbc article on www.drudgereport.com.
The world's largest online auction site eBay has been targeted by fraudsters using a shadow site to steal credit card details from its 55 million customers.
The scam involved sending e-mails to customers asking them to log on to a Florida-based website - ebayupdates.com - and re-submit their financial details.
[eBay] never asks its users for their user ID and password
"We at Ebay are sorry to inform you that we are having problems with the billing information of your account," the e-mails said, writing the name incorrectly with a capital E.
"We would appreciate it if you would visit our website [Ebay Billing Center] http://www.ebayupdates.com and fill out the proper information that we are needing to keep you as an Ebay member."
US internet watchdog SANS Institute Internet Storm Center has issued a warning about the site.
In a statement to BBC News Online, eBay said it "never asks its users for their user ID and password."
"Fraud constitutes less than 0.01% of all transactions that take place on the site," it added.
The shadow site has been taken down.
The e-mails began appearing about a week ago.
The WHOIS database of websites showed ebayupdates.com was registered in Niceville, Florida on 6 December this year.
California-based eBay has issued warnings on its site about e-mails asking for passwords or credit card details.
"Some members have reported attempts to gain access to their personal information through e-mail solicitations that are falsely made to appear as having come from eBay," the company said.
"These solicitations will often contain links to web pages that will request that you sign in and submit information...eBay employees will never ask you for your password."
In November it was reported that some eBay customers' e-mail addresses could be seen on the company's website.