Z&M Enterprises

SYDNEY (Reuters) - Fraudsters trying to steal credit card information from online auction house eBay Inc.'s 55 million users appear to have set up a fake Web site that mimicked the firm, a private Internet watchdog said on Wednesday.

The scam involved e-mails that asked recipients to log on to a Florida-based Web site, ebayupdates.com, and reenter financial data for eBay, said Dean White, the Asia-Pacific coordinator of a U.S. group, SANS Institute Internet Storm Center.

"Once you've got the credit card information you can use it for everything," White said.

The scam site sported the eBay logo and colors but did not appear to have any connection with California-based eBay, White told Reuters.

An eBay spokesman said such sites spring up on the Web from time to time, targeting different user groups.

"They're hoping a certain percentage of people will be fooled and enter information," the spokesman said.

"Typically, eBay customers are aware of this. They know eBay never emails users requesting personal information," he added, noting that Web users can protect themselves by being wary of any email asking for personal information and checking the activity of their Internet accounts on a regular basis.

EBay carries a general warning on its Web site, urging caution over e-mails seeking passwords or credit card numbers.

The scam e-mail, provided to Reuters by White, is headed "Ebay (sic) billing error" and begins: "Dear Ebay Member, We at Ebay are sorry to inform you that we are having problems with the billing information of your account."

White said the mail, aimed at eBay's registered customers but possibly mass-mailed to other Internet users, began appearing on December 6.

The company hosting the fake Web site on its computers had been informed and by Wednesday the site was unavailable on the Internet.

Security and trust are major issues for e-commerce and Australian banking officials have warned consumers to be especially vigilant about Internet fraud and identity theft over the big spending Christmas period.

Comfort1st.com President Zack Mond told Reuters his Maryland-based Web store in November received a similar scam email, which looked as if it came from Yahoo Inc. and invited Yahoo store owners to sign up for bogus "merchant club" benefits.

The tip-off, Mond said, was when an Internet registry search of the url link to sign up -- clubmerchant.biz/index.html -- showed the site was not owned or in any way connected to Yahoo.

"That was a red flag," said Mond, who added that his company reported the site to Yahoo, as is recommended. Shortly thereafter, it was no longer available.

"If this had gone through, the person could have had hundreds of thousands of credit card numbers very easily," Mond said.