Sunday, March 06, 2005

Warning: Another Phishing spam is out there, this time pretending to be from Ebay, but with a VERY convincing message!

Here is what was sent (to me, at least):

*eBay NewYears User Agreement Update*

It's that time of year again! With 2005 now upon us, we have updated the eBay
user agreement. As a result of the update, your account will be restricted until
you have followed the link below and reconfirmed your contractual agreement with
eBay. We apologize for any inconvience as a result of the update, but as a large
e-commerce entity we are required to receive an updated agreement at the
beginning of each year.

After agreeing to the contract linked below, please feel free to check out some
of the new auction styles for 2005. eBay now features pre-set auction details
making selling easier than ever! Simply have eBay find your item, and it will
present you with a preset information block regarding your product.

Here at eBay, we are constantly working harder to make your auctions this year
better then ever. We will be continuously adding features to improve your eBay
experience like never before, and your eBay account is a first row seat to the
action! So dont let your account expire, update your settings today, its a
simple process, and will only take a few moments. All accounts not verified by
March 15, 2005, will be subject to deactivation, and it may be required to
register again to continue using eBay services.

To update your account now, please follow the link below, validate your
information, and confirm your acceptance of the updated agreement.

The problem is, the link provided does look corrrect, but it is spoofed. It actually goes to a website that looks like ebay, and of course when you enter your information, it 'fails' and likely sends you to the real ebay where it would work. Too late - they have your name and password, and perhaps visa information as well.

If you use ebay and get a message like this, just delete it. Ebay will never ask you to 'validate your information' or 'confirm your acceptance' of an updated agreement. Any emails like this will be fake, and designed to get you to enter your account information on a scammer's website.