Zardon

EBay.com users are being peppered by e-mails saying there has been a security problem at the Web site, and requesting new account and password information. The problem: Some of the e-mails are legitimate, some are scams and it’s hard to tell the difference. And a recent programming glitch at eBay may actually have made life easier for the con artists. One week ago, the site accidentally revealed auction participants’ e-mail addresses for about a six-hour stretch — a gold mine for both spammers and scammers.

SCAM ARTISTS HAVE spent years fishing for passwords to accounts on everything from eBay to AOL by sending out e-mail to users, asking them to “update” their account information. The e-mail then contains a link to a Web site that’s designed to look legitimate, but is actually controlled by the hacker

http://msnbc.com/modules/fraud/

Many “fishers” say they can get a 1 or 2 percent response rate to such an e-mail, often stealing hundreds of account in a single flurry.
Such fishing expeditions for eBay account information have sharply risen in the last week to 10 days, says auction watchdog Rosaldina Baldwin of TheAuctionGuild.com.
“I’ve never seen so many reports from people,” she said. Another eBay user said he was receiving a “torrent” of scam mail recently.
Reports of the fake eBay e-mails have been streaming into MSNBC.com, too. To make matters worse, the scam artists are becoming far more professional in their work. Many of the e-mails include links that appear to be headed right for an eBay page. One e-mail included in its text the link http://www.ebay.com/verification/%?648882XXX.
But that link uses a programming trick to sendsusers to the Web site “www.ebay-verification.net,” a scam site that appears to be hosted in Korea. The Web page is a dead-on imitation of a real eBay Web site — except that it requests everything from credit card numbers to bank card PINs to mother’s maiden name.
The e-mail appears to come from a legitimate-looking address such as ebay@ebay.com.
Other legitimate-looking links being used to lure eBay users in the flurry are:
www.Paypal-EBay.com
https://scgi.ebay.com/saw-cgi/eBayISAPI.dll?VerifyInformation;
http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?SignIn
E-mails that invite users to type their PayPal e-mail address and password right into the body of the note. EBay just completed an aquisition of PayPal, and scam artists are trying to capitalize on confusion around the merger.
It’s not clear why there’s been an apparent surge of new scam e-mails, but Baldwin thinks it might be connected to a programming error which exposed eBay users’ e-mail addresses last week. From 2 a.m. to 8:30 a.m. on Nov. 13 , anyone — even unregistered users — could view the addresses of current high bidders and auction winners. Baldwin believes the uptick in scams started at about the same time as the exposure.
“Whether it’s directly linked (to the new scams), who knows, but somebody at eBay sure did provide spammers with a brand new fresh spam list,” she said.

kernel

Me thinks someone at ebay "accidentally" let these address's get leaked for a large deposit in their bank account.