It’s one of the oldest tricks in the book, but beware an email titled ‘Error on payment…’ with an attachment because it’s a bit different. When the attachement is opened, your browser is redirected to a phishing site that looks like an eBay sign in page. The URL begins: https://www.wowfreelunch.com. It’s worth double-checking URLs in your browser window if you have had any suspicious mail.
The text of the email reads:
From: Albert Mirco [[email protected]]
Sent: 06 March 2009 00:59
To: undisclosed-recipients:
Subject: Error on payment …………..
Hello, I sent you the payment on your paypal account but now payment email me the error i sent you the pictures error in attach fille. Please check and ASAP
13 Responses
Dan,
I strongly advise that you delete the email address in the phishing email you’ve posted. That is an email associated with what appears to be a legitimate eBay account (over 600 feedback). Don’t know if that’s really “Albert Micro” or if it is just a spoofed from address like most are.
@ebuyerfb. Thanks for your strong advice. Obviously, I considered removing the email address before publishing this post. However, seeing as the name and email address could help people better identify this potentially damaging spoof, I decided to leave it in.
But when someone receives this phishing mail does it always appear to come from that same email address? If it doesn’t then it has no relevance. That is a legitimate email address and I’d be willing to bet a lot of money that the person who owns that address has nothing to do with the spoof. You are basically making someone else into an innocent victim.
Thanks again for your comment. What we do know that the email address in question is one source, indeed there may be others (but we don’t have any information on that).
Obviously, I considered the points you make but my original rationale remains valid: it is useful information that could be used by someone trying to identify a spoof.
Please remove my email address from your post!
Hi ‘Upset’,
To remove your email from the site, please email me at: [email protected]
It would be great to hear your story and how your email address ended up on a spoof email. Equally, if you want privacy I’ll respect that too. We’re friends here.
Your emails will be treated with discretion (as requested) and urgency.
Best,
dw
Innocent my Ar$e… 😉
@ # 7
Actually if Dan would post the full headers of this email we could probably determine that. I’m willing to bet it didn’t come from AOL. As I’ve said these kinds of emails almost always have a spoofed from address.
Dan, does this email have an AOL envelope?
My sole intention with this post was to alert sellers to a spoof that’s doing the rounds and give folk the information they need to identify it. Seeing as the phishing site in question remains active, that remains a valid purpose.
Other discussion and questions, such as my decision to publish the email address and the source of the email are not (in my opinion) of general interest or relevance. Indeed, they represent a distraction.
dw
Your not going to alert us to every new spoof that is doing the rounds though are you? 🙂 It would certainly pad out the blog though 😉
Dan,
If an email looks suspicious I usually click on the reply button (assuming Ive already opened it) & the reply address tells the story. Or of course the header usually tells the tale.
I notice ‘upset’ hasn’t replied??.
Jimbo: I don’t propose to publish every new spoof I hear about. Just those that seem to be unusual, such as this one (which was reported to Tamebay by several readers). A catalogue would be useful, but Tamebay isn’t that venue.
Gerry: A sensible approach. Not only hasn’t ‘upset’ replied on here. I have yet to receive an email from ‘upset’.