Posted: 12/16/2002 3:26:19 PM EDT
|
FYI, I received this email today.... PLEASE DO NOT REPLY TO THIS EMAIL. THIS IS AN AUTOMATED ACCOUNT AND NO HUMAN WILL READ YOUR REPLY. Contact / opt-out information is enclosed below. This email contains important information about online security and some fraud schemes that are currently being attempted at various online sites. The security precautions in this email apply not only to your account at GunBroker.com but at ALL online eCommerce and auction site. Background: Recently, scammers have sent bogus emails to customers of various online sites or services requesting login, personal, or financial information. The return address of the emails were forged to look like they were being sent from a legitimate account at the online site, and the emails used the logo and look and feel of the site. By following the directions in the email, the unsuspecting victim was actually giving away his confidential information to the scammer. There is an article about such a scheme perpetrated against AT&T customers here: http://www.accessatlanta.com/ajc/business/1202/09hoax.html There is an article about such a scheme being perpetrated against eBay customers here: http://news.bbc.co.uk/2/hi/business/2564725.stm Recently, a small number of GunBroker.com customers received an email that was forged to appear to have been sent from [email protected] and was titled "GunBroker.com Security Check". The email contained an HTML copy of our login page. If you entered your user name and password and clicked submit your login info was sent to some other web site. One seller was duped by this scheme and the scammer changed his account info and password and listed some non-existent items for sale in an attempt to defraud bidders. We shut down the bogus auctions and returned control of the account to the seller. If you received one of the bogus "GunBroker.com Security Check" emails and tried to login to the form it contained, you should go to Edit Account Information in the For Buyers or For Sellers page to verify your account and to change your password. Because the bogus "GunBroker.com Security Check" emails were not sent by us and were not sent through our mail server, we cannot know all of the email addresses to which they may have been sent. If in doubt, use Edit Account Information in For Sellers to check your account and change your password. Resolution: Our web site has not been hacked. We have strict security measures in place, including strong password protection, encryption, and firewalls, and these security measures have not been breached. The only way the scammer can get your information is if you give the information to him. Even if you attempted to login to the form in the bogus "GunBroker.com Security Check" your credit card information was not compromised as the full card number is never retrievable. We intend to contact the FBI computer crime division in Atlanta and will and attempt to get them involved in tracking down the person or persons responsible for sending these emails. Security Precautions: the following security precautions apply not only to GunBroker.com but also to ALL eCommerce and auction sites. 1. Never give your password to anyone via email. Email is easily forged. Any legitimate support person at our site will have access to your account information based on your user name or email address. 2. Never give anyone credit card information via an email message. Email is unencrypted and has no security mechanism. 3. Do not enter your login information or credit card information into a form contained in an HTML-formatted email message. If you click the 'submit' button you do not know where the information will be transmitted. We never send HTML-formatted email that contains a form requesting login or credit card information. 4. When clicking on a link in an email that directs you to a web site, make sure that you are on the correct web site before logging in or providing financial information. In one of the scams, users were directed to www.ebayupdates.com, a site that was made to look like eBay but was in fact not owned by eBay. You can look at the 'Address' box of your browser to see the URL of the web site and make sure that it is the site you expect. 5. Never buy anything advertised in spam email. Many times you will get ripped off, and even if you do not get ripped off you are promoting spam which only adds to the problem. Spammers would not send spam if no one replied. 6. When in doubt, ASK! If you get a suspicious looking email, forward it to the technical support department of the online site and ask if the email is genuine. GunBroker.com has a 'Contact Us' link at the bottom of every site page that can be used to contact our technical support. Auction Precautions: fraud at person-to-person auction sites like eBay and GunBroker.com is rare. We at GunBroker.com work extremely hard to prevent sellers from taking advantage of buyers. To avoid problems, we offer the following: 1. Always check feedback before placing a bid. If you have questions about the feedback or the seller, contact him and ask questions until you are satisfied. 2. Never accept any unsolicited offer to buy or sell items off of the auction site. eBay and GunBroker do not provide any assistance or support for off-auction transactions, and past experience has shown these to be a source of problems. 3. Use credit cards to pay if possible as an added level of protection. If you cannot use credit cards, use US Post Office money orders. 4. In general, transactions with a seller in another country involve a greater amount of risk. This is not to say that all such transactions are bad; the vast majority of these transactions are legitimate. However, it is extremely important to check feedback and/or protect yourself by using a credit card when engaging in a transaction with a foreign seller. 5. Lastly, use common sense. If you win a $10,000 item for $550 and the seller wants you to wire the money to the Netherlands, it's a scam. Report any such activity to the auction site tech support. We apologize for the need to email you and interrupt your busy day, however we considered this a matter of utmost urgency. Please understand that online transactions are safe so long as you use common sense and exercise reasonable precautions. We believe that fraud is no more prevalent online than it is elsewhere; however, people may not be as knowledgeable about fraud prevention online as they are in the offline world. The intent of this email is to make you aware of things to watch out for to keep you safe online. If you need further help with a specific GunBroker-related issue, you can click 'Contact Us' from the bottom of any page of our web site. Regards, GunBroker.com http://www.gunbroker.com |
|
This stuff is for real. One of my customer got hit not too long ago. Their site was hacked and the hacker sent out emaiils to the customers from a yahoo/hotmail account with a from address as the customer's domain. The reply to address was his yahoo/hotmail account. Emails to the customers were requesting the three digit security code on the back of their credit cards and in total, about 300K was fraudulently charged. Be careful with on-line merchants, as their security may be lacking. Use the telephone and check those headers! -934 |
|
yep. NEVER, EVER EVER EVER respond to ANY email asking you about ANY account information for ANYTHING. Check ANY links included in any email. If it takes you anywhere other than the page you normally go to, DON'T ENTER ANYTHING!! I'm sure many people will be duped by this... stupidity is easy to prey upon when it's so rampant... Keep your wits about you men! |