A new variant of one that's been wandering around for a bit. quite slick. the one I got sent was from eBay, but basically the same pimp (mine arrived january 19)

Is there a missing close-italics tag in your post, or am I just seeing italics everywhere?

IF you learn nothing else for the rest of your life, learn this.

Never, ever, ever, (...) EVER send the following information in response to an "official" email -- or, for that matter, a phone call.

1) Address.
2) Social Security/Taxpayer ID numbers
3) Credit Card Numbers. Esp. that one on the back that isn't encoded on the magstripe.
4) Passwords to anything.
5) Bank Account info. For Ghugle's sake. At least with Credit, you have a strong challenge available to you, and you're not liable for the money until it's resolved. Which would you rather do? Argue about the bill and not pay it, or argue about getting you money *back?*
6) Anything else that helps establish who you are.

Period. There is almost no legitimate reason for these things to be asked of you, unless *you* initiated the conversation, and even then, it's best to make sure you know that person first.

(And never send this stuff on email. You have any idea how durable email is? Even if you trust the person. What if some IP logs the email? What if somebody's snooping. What if that person sends thier computer in for repair, and someone copies thier email folder?)

If they ask for it, and you *think* it might be legit, tell them to give you a number where you can call them. Then, look up that number. If it doesn't jibe with what they told you -- don't give out the info. Period. Better yet, call the FTC and FBI on them.

Esp. Passwords. Folks, if I'm the sysadmin, I *don't need your password.* I've got rights to all your files. On unix systems a simple "su username" as root makes me you, without a password. No worries. So, when someone says "I need your password to fix your account", then they are, at best, incompetent, but are more likely lying. In either case, the only correct answer is no. This is about 10,000 times more important if that password lets them get at *your money*.

If I need to reset your password, I'll set it so you can't login, forcing you to contact me. But I sure don't need it to fix problems.

So. Just say "Can I call you back" to phone calls. Do not even reply to emails. And *don't* give them the above info.

Please.

Ever.

Otherwise, you'll get posted on some board as the latest victim of the latest scam, and we'll all laugh at you. And nobody, but nobody, wants that.

I'm conducting business for my mother's Trust. The first thing I learned is how easy it must be to establish a new identity, if it's this easy to contact businesses & bureacracy and issue instructions.

Social Security numbers are the key to almost every piece of new business.

Good timing! I just got a paypal mail a few days ago, saying I should "update" my credit card info on their site. (Sure!) No other site had ever asked me to do that via email.

I followed a thread on a Mac board about 'why you should not buy a Powerbook on eBay'. I was super interested, because of course I have just this week bought a Powerbook on eBay. When you looked a little deeper, it was really about 'why you should not buy a Powerbook from someone who is selling them suspiciously cheaply, has very good feedback none of which relates to the sale of Powerbooks, and has a really good argument for why you should send cash to Romania before he sends you the computer.'

I just received a similar email purporting to be from NoChex, another internet payment company.