Monday, October 09, 2006

Spam, Phish, or Legit... that is the question..

A while back, I received an email purportedly from Ebay that raised my automatic, anti-spoofing sheild and caused me to examine the message very closely and then communicate with the apparent issuer... This post discusses the message and the subsequent communications I've had with Ebay.

First, the message that started it all:

eBayeBay sent this message to Conor Cahill (xxxxxxx).
Your registered name is included to show this message originated from eBay. Learn more.

eBay Auction I64d Cancelled - Results Null and Void

Dear Conor P. Cahill (,

Please be advised that the following auction:

4459053372 - Polaris 480 PRO FOR I/G GUNITE POOLS FAST SHIP!!

was ended early by eBay. The auction was ended due to the account suspension of the seller. All results for this auction are null and void.

Customer Support (Trust and Safety Department)
eBay Inc
Learn how you can protect yourself from spoof (fake) emails at: This administrative email was sent to from eBay. Your account is registered on As outlined in our User Agreement, eBay will periodically send you information about site changes and enhancements. If you would like to receive this email in text format, change your notification preferences. See our Privacy Policy and User Agreement if you have questions about eBay's communication policies. Privacy Policy: User Agreement:

Now this email looks totally legit. All of the links are within Ebay's domain, the referenced auction is one that I participated in, the message was sent from one of Ebay's servers directly to my server with no intermediary, the message was sent to an email address that I use exclusively with Ebay. So everything in my anti-phishing arsenal says this is legit.

However, the auction that they say they ended was one that ended 2 months earlier and which was one that I actually won, paid for and had the item delivered (so the auction had already completed successfully). The seller was still alive and kicking on ebay, so he wasn't suspended either. So the content of the message wasn't legit.

I reported the email to Ebay and they responded with a boilerplate "how to recognize phishing attempts" email. To which, of course, I responded, that I knew what phishing was and that this looked like it really came from them.

About a month later, I get the following email from them:

Dear Conor,

Thank you for taking the time to write eBay with your concerns. My name 
is Nira, and I'm pleased to be of further assistance to you.

eBay is concerned about violations on our site. We'll investigate your 
report immediately and take appropriate actions based on our findings. 
Violations of eBay policies may result in a range of actions, including 
a warning, temporary or indefinite suspension, or account termination.

For the protection of all members, eBay can't provide details on any 
individual investigation or account. We hope you understand that this is
why we won't be able to share with you the outcome of our investigation.

If you are ever concerned about an email you receive from eBay, simply 
follow these steps:

1. Open a new Web browser and type into your browser 
address field to go directly to the eBay site. 

2. On eBay, sign into your account and click the "My eBay" button at the
top of the page.

3. Check the My Messages section located at the top of the My eBay page.
If an email affects your eBay account, it's now in My Messages. Any 
email sent to your registered eBay email address from eBay or from 
another eBay member via eBay's member-to-member communication system 
will now appear in My Messages. 

We sincerely appreciate that you alerted us to this potential violation.
Your efforts help to keep eBay a safe place to trade.

To learn how to protect yourself and ensure a positive purchasing 
experience, check out these buyer tips:

To learn how you can help fight spam, go to:

Thank you for being part of the eBay community.


So, they're gonna look into it, but can't tell me what they find for "our protection". Right...

My $.25 is that they probably had a bug in one of their systems which generated that email, but they surely ain't gonna tell me that.

Tags : / / /

No comments: