So, I get this email that looks *just* like it was sent from eBay. It's for me and it says "Did you send my money ? I see you received my item." It also contains an ebay-formatted description of an auction item I had supposedly won.
Confused, as I am only a seller on eBay not a buyer these days, I quickly checked to see what email address they sent this email to. Turns out, it was an old address I haven't used on eBay for years. Being the kind and concerned person I am, I click the link to see what item someone thought I had bought. I get to the above screen. Looks just like the eBay sign-in screen right?
Well, I typed in my info and tried to click the "sign me in all day" box only to find that it wasn't clickable. I then noticed that my password wasn't hiding behind the standard chain of asterisks. Then, I checked the URL:
Yep--not actually eBay. So, I realize immediately that it's entirely possible that the fake eBay page may have had a key-logging script on it so, quickly I logged into eBay for real and changed my password. Then I looked up that domain to see just who these losers are. Here's the info I got from a WHOIS lookup:
Domain name: cghebay.com
Whois Privacy Protection Service, Inc.
Whois Agent (firstname.lastname@example.org)
PMB 368, 14150 NE 20th St - F1
Bellevue, WA 98007
Isn't that nice?
So, be warned! Don't EVER log into ANYWHERE without checking the URL!
That's the thing about the spam email--the text for the auction link I clicked on made it look like the link led to eBay.com, but that was only the link text. The URL in the code sent me to that other domain.
What's even more scary is that if they had just taken a moment to make that checkbox work, I'd have fallen for it. ME. Mr. Suspicious!!
VERY lame. So, everyone be careful!
Mobile post sent by thepete using Utterz. Replies.