Lost an auction- came in 2nd. About $1250.00. Got a VERY official looking Email from Ebay 2 days later giving me a "2ND Chance Offer" to buy the item at my bid price. The reason stated- the winner had backed out of the deal, thus, as runner up, I was eligible to win. It linked to the auction, the sellers email, and several good Ebay links (on mouseover). I replied to the Email, the Emails with the "seller" went back and forth, up to the point where he asked me to send the funds as wire transfer. The auction was PayPal. Red Flag. I emailed the auction winner- sure enough, he had sent the payment, not backed out. I checked MY Ebay Messages-no copy of the '2nd Chance' Email there. Heads up- JR Dweller in the cellar
Something similar happened to me, except in my case the seller was a foreign scammer (probably a hijacked account). I knew enough about how second chance notices look, to see a forgery (it was sent from yahoo).
I got one last week. I had won and payed for an item and an Email came telling me that the seller had registered a "did not pay" complaint against me. Turns out that it was a pishing attempt to get my Ebay details. Almost got me but I asked the seller WTF and he said he had no idea. He had my payment and had shipped the goods. Check the details of any email that purports to come from Ebay. Thet always include your username (this one did not). The site linked in the email was an exact copy of an Ebay sigh in page but it was NOT secure (https).
and download the "Netcraft toolbar". It shows you the owner of the website you're on, real time, along with a color-coded warning which indicates the likely relative risk of it being legit or not. Also, if you try to navigate to a known scam site, it warns you with a window you have to click through to get to the scam site.
There's a guy in rec.collecting.coins who sells very high-end US coinage. He's had people scam in & send second chance offers for coins he's sold. His auctions now explicitly say "I never send second-chance offers".
But do go download that toolbar from netcraft (they're very highly respected in the IT industry, it's safe to say the least). It's informative if nothing else, and could catch something that you don't.
222 91792 body > Lost an auction- came in 2nd. About $1250.00. Got a VERY official
Go to
formatting link
and download the "Netcraft toolbar". It shows you the owner of the website you're on, real time, along with a color-coded warning which indicates the likely relative risk of it being legit or not. Also, if you try to navigate to a known scam site, it warns you with a window you have to click through to get to the scam site.
There's a guy in rec.collecting.coins who sells very high-end US coinage. He's had people scam in & send second chance offers for coins he's sold. His auctions now explicitly say "I never send second-chance offers".
But do go download that toolbar from netcraft (they're very highly respected in the IT industry, it's safe to say the least). It's informative if nothing else, and could catch something that you don't.
One comment, Ken. https doesn't mean you're safe at a site, it just means nobody between here and there can intercept the traffic. I could register a site caled "
formatting link
", and get a real cert for it, serve it as an https: site. You could navigate there, and see a site which looks just like alltheweb.com; depending on your font in your browser, vv might look like w enough not to catch your eye. The addition of "special" characters (foreign characters which look like, but aren't, the same as the English similar ones in legit names) makes this all the more interesting.
But https doesn't tell you anything other than that the traffic can't be intercepted casually by someone between here and there. Doesn't say a thing about what that site will do with the traffic once you give it to them.
Yes, looks great. Congrats. I did something similar to that scammer also, finally sending him the g***se picture instead of (expected by him) picture of the western union money transfer receipt.
You don't want the scammers to learn how to spell better, it'll make it harder to spot.
I went thru the whole "2nd chance" scenario with a video camera deal last year, you have to wonder at how many people get caught up in these scams, obviously enough do to make it a viable crime.
I got a similar note from Ebay. I lost the auction (bid $125, went for $155) but I had already corresponded with the seller about some details. I ignored Ebay, wrote the seller direct, and he replied that he had a duplicate item, with defect, that he was willing to sell me for $125. Since this was kind of local (>100 miles), I drove out and picked up the item. Judging by the above, I'm glad I didn't respond to the "Ebay" email.
ALWAYS look at the headers. In Eudora..click on the Blah Blah button. The headers you see in the regular email are not always the ones that show up in the Blah Blah or the actual header information.
I dont use outlook exploder for email so others will have to describe how to do this
Here is the visible header info from a typical Ebay spoof:
from: snipped-for-privacy@eBay.com Reply-To: snipped-for-privacy@eBay.com Subject: Question from eBay Member Date: Tue, 09 May 2006 17:51:33 -0400 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - srv.mystfire.com X-AntiAbuse: Original Domain - lightspeed.net X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12] X-AntiAbuse: Sender Address Domain - srv.mystfire.com X-Source: X-Source-Args: X-Source-Dir: X-ELNK-Info: spv=0; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=000; X-Antivirus: AVG for E-mail 7.1.385 [268.5.0/325] ________________________________
Here is the expanded header info, which I always do when forwarding such off to snipped-for-privacy@ebay.com or snipped-for-privacy@paypal.com:
Status: U Return-Path: Received: from srv.mystfire.com ([216.22.50.202]) by onemmx-faisan.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1fDA796ZT3Nl3480 for ; Tue, 9 May 2006 17:51:31 -0400 (EDT) Received: from nobody by srv.mystfire.com with local (Exim 4.52) id 1Fda7B-0006hl-QE for snipped-for-privacy@lightspeed.net; Tue, 09 May 2006 17:51:33 -0400 from: snipped-for-privacy@eBay.com Reply-To: snipped-for-privacy@eBay.com Subject: Question from eBay Member Message-Id: Date: Tue, 09 May 2006 17:51:33 -0400 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - srv.mystfire.com X-AntiAbuse: Original Domain - lightspeed.net X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12] X-AntiAbuse: Sender Address Domain - srv.mystfire.com X-Source: X-Source-Args: X-Source-Dir: X-ELNK-Info: spv=0; X-ELNK-AV: 0 X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=000; X-Antivirus: AVG for E-mail 7.1.385 [268.5.0/325] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=======AVGMAIL-446191510A58=======" ___________________________________________________
This particular one came in this morning, as a very legitimate looking Ebay Message from Member:
"eBay sent this message from Brittney Everding (sydatkinson). Sender registered name is included to show this message originated from eBay. Learn more. Question from eBay Member -- Respond Now eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will not reach the eBay member. Use the Respond Now button below to respond to this message. Question from sydatkinson I'm still waiting the package to arrive What happened? Please mail me ASAP or I will report you to ebay. "
The key here is to make you go WTF?? and click on the link to go check. Once you have logged on..its to their bogus site, not ebays, they now have your log in and password, which may allow them to harvest enough info to get access to your paypal, etc etc accounts.
Always hold your mouse pointer over any links in these spoofed or phishing emails..most email readers will show you what those links really are and its easy to determine that some .edu site is not Ebay.
Gunner
"The importance of morality is that people behave themselves even if nobody's watching. There are not enough cops and laws to replace personal morality as a means to produce a civilized society. Indeed, the police and criminal justice system are the last desperate line of defense for a civilized society. Unfortunately, too many of us see police, laws and the criminal justice system as society's first line of defense." --Walter Williams
Depending on what you're using, you might want to hurry. Microsoft isn't issuing security patches for Win98 or older any more, so new flaws (found often) won't be fixed. Not trying to be alarmist here but it's about time to hang up the old stuff if you use it online.
To double-check, the 2nd-chance offer DOES actually exist, correct? I recall getting an offer for a bearing, but if I remember correctly, it showed up on ebay's website as well, in addition to the email notice.
That said, I didn't want to buy it at that praice, so maybe it was a scam; I will never know.
You only get a legitimate 2nd-chance offer if you bid on the item, and the price is exactly what your last (maximum proxy) bid was, so you must have changed your mind about what it was worth. ;-)
The only problem I have with it as a buyer is that it makes it easier to use a shill bidder. I don't use it anymore on stuff I sell, at least in most cases, for several reasons.
PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.