I received this today:

FPA NOTICE: Suspicious Activity -Section 9- [Email]philip.ohare@******.com[/Email]
Your bank has contacted us regarding some attempts of charges from your credit card via the eBay system. We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your eBay account Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your eBay registration. If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account.

To confirm your identity with us click here:
https://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US

After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

Respectfully,
Trust and Safety Department
eBay Inc.
http://www.ebay.com/

This message and any files or documents attached may contain classified information. It is intended only for the individual or entity named and others authorized to receive it. If you are not the intended recipient or authorized to receive it, you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately then delete it from your system. Please also note that transmission cannot be guaranteed to be secure or error-free.

I assumed it to be the normal spoof email but when I entered nonsense for the username and password it said the submitted info was not correct.

The header is:
Return-Path: <[email protected]>
Received: from aamta04-winn.ispmail.ntl.com ([81.103.221.35])
by mta06-winn.ispmail.ntl.com with ESMTP
id <20050610214729.KLAU6731.mta06-winn.ispmail.ntl.com@aamta04-winn.ispmail.ntl.com>
for <philip.ohare@******.com>; Fri, 10 Jun 2005 22:47:29 +0100
Received: from callaway.webserveronline.com ([64.34.171.17])
by aamta04-winn.ispmail.ntl.com with ESMTP
id <20050610214729.YHLA8825.aamta04-winn.ispmail.ntl.com@callaway.webserveronline.com>
for <philip.ohare@******.com>; Fri, 10 Jun 2005 22:47:29 +0100
Received: from scots by callaway.webserveronline.com with local (Exim 4.51)
id 1DgrLk-0005vF-6c
for [Email]philip.ohare@******.com;[/Email] Fri, 10 Jun 2005 16:47:36 -0500
To: [Email]philip.ohare@******.com[/Email]
Subject: FPA NOTICE: Suspicious Activity -Section 9- [Email]philip.ohare@*******.com[/Email]
From: <[email protected]>
Message-Id: <[email protected]>
Sender: <[email protected]>
Date: Fri, 10 Jun 2005 16:47:36 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - callaway.webserveronline.com
X-AntiAbuse: Original Domain - ntlworld.com
X-AntiAbuse: Originator/Caller UID/GID - [686 687] / [47 12]
X-AntiAbuse: Sender Address Domain - callaway.webserveronline.com
X-Source:
X-Source-Args:
X-Source-Dir:
X-Antivirus: AVG for E-mail 7.0.322 [267.6.6]
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=======AVGMAIL-42AAE2C26057======="

Anyway it looks suspect to me but why would they send me to a genuine eBay login page?

It's dodgy considering it was sent from callaway.webserveronline.com

Is it a HTML email? If so, check that what the link actually points to is the same as the text description of the URL.

Did you copy-and-paste the URL or did you click on it? Most of the ones I've seen have the actual URL be something like "http://www.ebay.com:crappassword@realhostname/blah", so it looks a lot like a real ebay url, but is not. Also, it wouldn't be very hard for them to automate taking the username and password you enter and toss it at the real eBay to see if it checks out.

No its a text only email. And the eBay link appears to be genuine - when I open the link and enter made-up username and passwords it returns that they are not recognised.

I received almost the same mail a few weeks ago and chose to ignore it...I figured it was fake because of the "Trust and Security Department". My eBay account is still fine so I guess it was a phony after all...

When I click the link it says the security certificate has problems. When I copy and paste, nothing happens at all - the browser just sits there. I was pretty certain is wasn't genuine but looks like they are trying new techniques.

Yes I think I will forward it to eBay (if they even care). Wfaulk... yes you're right there appears to additions to the URL when the browser loads the page.

Cheers guys for confimring my suspicions.

I went to the genuine eBay sign in page and copied the URL, you can see the minor differance between the genuine:

http://signin.ebay.com/ws/eBayISAPI.dll?...STRK:ME:RMDR:HP

And your phony:

https://signin.ebay.com/aw-cgi/eBayISAPI.dll?OneTimePayment&ssPageName=h:h:sin:US

So another indicator that's it fakeroo

(Kinda moot post now)

Actually that's Trust and Safety Department" and that is in fact what we call it.

(I work at eBay). However, yes, this email is as fake as my ex-wife's smile.

-- Gary F.

Believe me, we care. The trust and safety department works their collective asses off. I'm a developer, but even I send stuff like this to them all the time. They are constantly working to keep things clean, it's just that the sheer quantity of users we have makes it hard to keep all the scumbags out.

-- Gary F.

And just a reminder for all phishing scams (scams to get your personal account info), you can always call the actual company and ask if it's legitimate, taking their phone number from their actual website. I admit, though, that was a tricky one.

Foz, I've always wondered, do abuse departments try to shut down the immitation websites and crack down on their creators? The offended company must have a lot of legal ground to back them... in the USA only, unfortunately.

They try to, but for the most part you can't do too terribly much about it. What the really strive for is to educate and protect as much as possible in those cases. Unfortunately, a lot of people don't want to be educated, but then they want to scream bloody murder when they get phished even when they do something that eBay (or any other company) has told them repeatedly DO NOT DO.

You just can't win sometimes.

Apologies for going slightly OT here but I think the original post has been addressed.

Foz, what in your opinion can (or should) be done about the numerous SCO scams doing the rounds nowadays?

The offer messages that are sent via the eBay system have some very good advice automatically inserted by eBay ahead of the actual member-to-member message, but as was posted previously, some members still manage to ignore good common sense advice.

Honestly? I don't think there's much you *can* do technologically wise. There comes a point when you have to simply rely on intelligence and education.

I got another one from some paypal phisher today warning of dire consequences if I don't verify my paypal account... 'sif.

I've FINALLY got my family trained to CALL ME before they click on any of those links. Now if I can just get them trained to ignore anything of that variety it will be a win. Gmail recently added in some good anti-phishing measures and they put a huge red bar across the top of any suspected phishing emails warning that this is potentially a scam. That's about as far as I've seen anyone go and I'm POSITIVE some people still simply ignore it and go ahead and give up the goods.

It's not only the people that fall for these that are ignorant, though. The crooks can be pretty ignorant too. As an eBay employee I am REQUIRED to post on all my auctions that I'm an employee and provide a link to the rules I have to follow. That still doesn't stop people from offering me off eBay auctions, offers for scam escrow, and even the occasional offer of "reciprocal shill bids". They all promptly get reported and I've had the pleasure of seeing at least a few of them NARU'd.

-- Gary F.