Lots of you probably already know this, but for those who don’t, please be careful when you get email from a web service you use, like eBay or Amazon, asking you to update your personal information.
They don’t ask for that stuff via email.
Pay attention when you get a request like this.
Today’s claims to be from eBay. It looks like a block of text saying that they weren’t able to verify my current information. There’s a URL to click on: http://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation
Sounds like a legitimate eBay URL. Malicious jerks couldn’t spoof a page on one of the big guys’ domains like that, right?
Not quite. What they can do is show you what you expect to see and hope you don’t notice it isn’t what you think.
I clicked on the header information in my email window (the from, to, subject stuff) and holding down the mouse, selected the whole message. The “text” and the link included in it are not text. They’re an image and that image is actually linked to this URL:
http://211.217.224.102:4901/stats/
That page has some easily stolen graphics from eBay and asks the visitor to provide information such as social security number, passwords, credit card numbers and ATM pin codes. (No one ever asks you for the last one, people; if you lose it even your bank resets it!)
Note that it is not at eBay.com; it’s just showing an IP address: 211.217.224.102.
So who are these assholes hoping to sucker some idiots into giving away the farm? The service I used to perform a reverse DNS lookup takes a little trip to some server in Korea and then says there is no domain name associated with that IP address.
That ain’t eBay, gang.
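An added example, not part of the original post: a small Python check that does what I did by hand above, pulling the real link targets out of an HTML message and flagging the warning signs. The names `LinkAuditor` and `audit` and the image filename in the sample are made up for illustration, and it goes slightly beyond this one message by also catching plain text links whose visible URL points somewhere other than the real target.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the message described above (the img src is made up).
SAMPLE = '<a href="http://211.217.224.102:4901/stats/"><img src="cid:notice.gif"></a>'

class LinkAuditor(HTMLParser):
    """Collect each <a href> with its visible text and whether it wraps an image."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # finished anchors, anchor being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], "", False]  # href, text, has_image
        elif tag == "img" and self._open:
            self._open[2] = True

    def handle_data(self, data):
        if self._open:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append(tuple(self._open))
            self._open = None

def audit(html):
    """Return (href, [reasons]) for every link with at least one warning sign."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for href, text, has_image in parser.links:
        target, reasons = urlsplit(href), []
        try:
            ipaddress.ip_address(target.hostname or "")
            reasons.append("host is a bare IP address")
        except ValueError:
            pass  # host is a name (or missing), not an IP literal
        if target.port not in (None, 80, 443):
            reasons.append("non-standard port")
        if has_image and not text.strip():
            reasons.append("link is an image with no real text")
        shown = re.search(r'https?://[^\s<>"]+', text)
        if shown and urlsplit(shown.group()).hostname != target.hostname:
            reasons.append("visible URL host differs from real target")
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `audit(SAMPLE)` returns the one link with three reasons; a link whose visible text and target both point at the same named host comes back clean.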
I had exactly the same thing. Fortunately, I didn’t fall for it.
I just received a new version of this e-mail. It is no longer using an image to send you to 211.217.224.102. They use a link, but I am not sure how it is working. I just know that it did not take me where I expected to go. The “hidden” text on this message is different than previously reported. It is ANALYSIS NYTimes Nty You are through let me add in 1861 excuse me tzpKrqk JGeNvjHFYKW uz
I must go íå íàäî Just tonight 051 here’s a… 6 Welcome! 138 i’m sorry in 1803
Just a little thought to leave you with… maybe the hidden text is actually a coded message to somebody….
Hi,
I got those requests for account verification asking for much personal
banking and ssi information from supposedly ebay and paypal and I
thought it was strange. Thanks for the support help and advice. I
wasn’t going to send the information but I was in doubt. I wish there
was a way to call paypal or ebay on the phone.
Thanks again and
Happy Trails
[spam comment. That IP to ban is 212.179.192.76]
[spam comment. That IP to ban, once again, 212.179.192.76]
I received the email for ip address 211.217.224.102 port 4901, this is not the first time. This has been going on for years, the problem is there are so many new people getting connected now. Most newer surfers have no clue about the net and all the fraud on it. Older web people like myself are aware of this stuff, I was on when the net had never heard of SPAM.
The best part about the emails for ebay and amazon is the email is sent to yahoo, ebay for the most part will not allow a yahoo email, that is where I get most of my SPAM from. People should note, if you get an email in a screen name that is not used for that service it is a fraud, NO you were not tracked down by ebay with an email address that is not your ebay contact.
I can’t believe it, my co-worker just bought a car for $30846. Isn’t that crazy!