Monday, October 5, 2009

eBay "Ask Seller a Question" Scam; Url Leads to Evil File

eBay sellers: Don't fall for this "Ask Seller a Question" scam. I have gotten two of these in just the last few days. It goes something like get a question from a supposed interested buyer saying they want to buy it as a present but want to confirm the style is what the friend wants, and can you check this url that will show you a photo of it?

The url is a tinyurl, or shortened url, so you can't see the domain name you are going to. Then it leads to a downloadable file that is malicious. If you download and execute this file you are going to mess up your computer. The one I got let to a file with a .cpl extension. (In some cases the browser automatically downloads it for you, but fortunately the browser I use caught the file as suspicious and asked if I wanted to discard it, which I did).

Here's the email I got with the name and part of the url blacked out:

From: m*********
To: juliawww
Subject: m*********** has sent a question about item #2*********, ending on Oct-11-09
Sent Date: Oct-05-09 13:24:13 PDT

Dear juliawww,


I want to purchase this item as a birthday present for a family
member. I think it's the style they are looking for but I'm not
100% sure. Can you open up the pic in the link and confirm?
Please get back to me asap so I can know If I'll go through with
the purchase or not. Here's the link*******


- m***********


The user id is the case I checked, the user ID showed up as "private" so I couldn't get any info. I'm not going to delve into that one for now.

But, the main point is, if you get one of these questions, ignore it and report it!


  1. Thanks for bringing this to everyone's attention. Very interesting. Makes you really wondering when you get certain request going forward - if you should just delete them or move forward with them by responding.

  2. But perhaps the greatest good is the good that yourself get out of the attempt.