I got an offical notice from eBay.com asking me to update my credit card info. When I did, I found that they now want me to enter my pin number!! They must be joking! No company I've ever dealt weith has ever asked me to (or been nuts enough to expect me to) give my pin number out. Comments?
BJ
This will be from an email at a guess asking you to click a link ? The link does NOT take you to E-Bay, nor does E-Bay ever ask for such details or for you to confirm such details. If you have already typed in sensitive information I suggest you change passwords etc ASAP. Send the email to snipped-for-privacy@ebay.com immediately
Joe
Are you sure that it is a genuine notice from ebay and not a phishing attempt?
"BJ" wrote
Are you sure it was from eBay, and not a phisher?
No, they are not kidding; they are asking for your PIN. But they are not eBay.
Is this "official notice" looks like this one: ? Or this one:
?More reading is available from this link:
Vadim
Obviously a phishing attempt! As Joe recommends send it to snipped-for-privacy@Ebay.co.uk, they'll confirm it as malicious fairly quickly I expect.
Hi Joe, Thanks for the suggestion which I followed immediately. That was the most convincing scam email I've ever received. The URL it took me to a started as follows:
Regards,
BJ
I'm SURE it was a phisher now - and a damn clever one, too. I don't usually get caught out by scammers. I almost fell for this one. But the PIN number request was what raised the big question mark.
Cheers BJ
I'm not sure how a pin would help a phisher as c&p transactions require that the physical card be present.
A card can be cloned and with the PIN number used to draw cash, etc.
But this is perfectly legal name for a server in ebay.com domain. There are also ebay.de, ebay.fr, ebay.co.uk and others registered by eBay Inc.
What were the message headers? What was the message source (I bet it was in HTML)? Need I add that switching a mailer program to text-only mode is safe option?
Vadim
"Adrian Boliston" wrote
Who said they'd try to use it at C&P? What about making a cloned card (with magstripe) & using it at an ATM ??
It's a scam. Cancel your ebay account and credit card immediately.
It is also a perfectly legal "username" in a http URL. Phishers often use URLs of the form https:// snipped-for-privacy@secure.account-update.123456789-0abcdef-88.zz/blah where "secure.account-update.123456789-0abcdef-88.zz" is the real hostname, and "signin.ebay.com" is just a username that is sent along with the HTTP request and presumable ignored by the server.
Not really. It makes it less easy to be duped by professional-looking graphics, but the real vulnerability is in the victim's mind (and, in cases like this, in his ignorance about URL semantics).
If it's a c&p card wouldn't the banks computer send a request to the atm to read the *chip* rather than a magstripe?
Why should he cancel his eBay account, wouldn't changing his password be sufficient?
"Adrian Boliston" wrote
But wouldn't the "cloner" simply *not* put a chip on the card, and set the relevant fields on the magstripe to indicate that the card has no chip - thereby the ATM wouldn't try to interrogate the chip?
Anyway, what about ATMs which do not support chips yet?
ebay, barclays, hsbc, lloyds tsb
None of these online services will ever send you an email requesting you to update your information - even if its linked with *SHOCK HORROR* an urgent fraud investingation !!
I get maybe 4 or 5 of these type of phishing hooks in my inbox every day, they look convincing as they use the same corporate styles as the websites you are used to visiting.
Don't believe any of them, no matter how real they look.
Regards - Dave.B
Never give your pin number to anyone, for any reason, ever. You should only ever need it at hole-in-the-wall machines, and chip-and-pin devices in shops.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.