OT- Bit of ebay trickery

Posted to stationary engine/model engineering newsgroups, Oldengine.org and Atis
(SEL)
I post this as a warning to everyone about a clever bit of skullduggery that
came our way today.
Received an email, purporting to be from ebay, regarding an alleged breach of
security and fraudulent use of my ebay account and user name. The email asked me
to sign in and confirm my details and to fill in all the blanks on the form I
would come to.
So far, a pretty ordinary scam email, but the clever bit is to come:
The url for signing in was the same as the normal ebay one, together with
https:// at the front to show a secure signing in link. If you clicked on the
link you would come to the standard ebay page with boxes for user name and
password, and presumably further on it would ask you to confirm your credit card
details etc etc:
formatting link

The url was in fact a graphic, not straight text, and if you held the mouse
pointer over it, a different url would show up, with an IP address in the far
east. So if you clicked normally you wouldn't see the different address, which
was:
http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.php
That IP is in the APNIC (Asia Pacific Network Information Centre) area, and I
tracked it down to a School in South Korea.
It was a very clever bit of fraud, and one that me scratching my head for a
while as I waiting for ebay to confirm it was a fraudulent email, which they did
within 20 minutes. I didn't go to the url, I just reported it to ebay and then
starting looking at how they did the switch of url's.
You have all been warned! :-))
Peter
--
Peter & Rita Forbes
snipped-for-privacy@easynet.co.uk
Engine pages for preservation info:
formatting link

Reply to
Peter A Forbes
Loading thread data ...
Yes,
Beware everyone...
Another one which works in some browsers (but not all) is...
formatting link
snipped-for-privacy@www.ashfieldfocus.com
Some of you will get Microsoft, some of you won't. (I think this feature has been trapped in the later versions of internet exploder.)
Another scam that is doing the rounds (my wife had an email with this one, I have been warned of it before, another client of one of my websites told me about it)
on my FOCUSPortals.com websites (for example,
formatting link
I have classified adverts as well as cars etc. The scam is to people selling stuff. Basically, the seller is sent an email from a potential buyer (from nigeria or some such location) saying they will buy the item and it will be shipped over to them.
I don't know how the scam works, but it is a scam.
My wife also received an email from Paypal (supposedly) telling her that her account would expire in 5 days unless she ran the enclosed application. She asked me first, but had already opened the email. The payload had saved itself to the harddisk (without being run) purely on previewing the email.
My email is now configured to not auto preview but I have the preview button in the tool bar so that I can quickly delete all the junk/virii without any web bugs knowing I have received the crap.
If anyone has any more info about these scams (or any scams) I would appreciate you mentioning it in my forums on my FOCUSPortals sites. I do try and do my bit, I put little messages in the emails that are automatically handled by my sites.
Best regards, Dave Colliver.
formatting link
Customise your internet experience
formatting link

Reply to
Dave
Hi all
I found this program to filter out the spam and the clever bit is it learns as it goes along and is FREE
formatting link
have no conection to the above site other than being a user of the program.
Chris
Reply to
chris
Peter I dumped Internet Exploder some while ago and moved to Mozilla Firefox. It runs a lot smoother, no popups etc and allows a good deal of customisation. One nice feature is a duplicated address bar under the standard one that actually shows what you are connected to. In the example you state it would have shown
formatting link
in the address bar but http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.phpIn the bar below. If the two bars don't match you exit as quick as possible but it won't download anything without consent. -- Regards,
John Stevenson Nottingham, England.
Reply to
John Stevenson
I get the ebay scam messages every week. But what is the point? What does an infiltrator gain by getting into my ebay identity - other than a bit of mischief? Its not like I have money stashed away in ebay......
Adrenalin
Reply to
adrenalin
I think you would find that there would be credit card details involved, not just your ID.
Peter -- Peter & Rita Forbes snipped-for-privacy@easynet.co.uk Engine pages for preservation info:
formatting link
Reply to
Peter A Forbes
In article , adrenalin writes
A favourite is to change your contact email (so you don't get notifications), then put some high value items up for sale in your name. People look at your feedback, see you are a nice, honest person, and bid for the item. They then send money to the scammer, who quietly disappears...
A very good reason why it's worth checking the kind of things an ebayer has bought/sold in the past before bidding.
It's also not unusual for people to use the same username/password on different systems, so getting your ebay password could let them into your PayPal account.
Matt
Reply to
Matthew Haigh
Send this stuff to
snipped-for-privacy@ebay.co.uk
and take a look at Ebay's own spoof info.
Reply to
Tim Christian
Now that's another very good reason (amongst many) why I don't go near paypal.
Charles
Reply to
Charles Ping
Even the most Machiavellian of scams and fiddles are let down by the perpetrator's inability to grasp the rudiments of the English language.
Most bona fide organisations manage to broadcast their announcements without spelling mistakes, grammatical errors, split infinitives, or the dreaded variegated apostrophe.
A quick assessment of the gravity of the "threat" will also provide clues as to the intentions of the sender. Last one I got from Paypal requested me to log in to my account in the normal way (no links provided) and then peform a series of validation steps via the existing menu structure - or else I would not be able to close my account at all! Scam emails usually insist that I enter my credit card details at the link provided or else lose all priveleges in this life and the next.
In a way I have a sneaky regard for some of these scams, I must get at least 2 or 3 Nigerian money-laundering rackets a week (one perp even replied with a "Thank You - please send details" to my autoresponder!). If there are enough greedy and stupid people out there to fuel this type of racket, then there will always be others who will prey on them.
Festina Lente
MARK
Reply to
Mark Pinkney
So a good spell/grammar checker should be able to pick up most spam - sounds like the basis for a useful product in there somewhere!
Regards, Tony
Reply to
Tony Jeffree
This thread seems to have brought out a few unfamilier names which is always welcome - come on guys, now you're here tell us something about your engine activities.
Reply to
Nick H
The BAYES side of Spamassassin works like that, it looks at the message body and performs many checks on it. All the normal things like viagra etc but also the balance of HTML to text, what colours are used, "click here" etc etc.
I find it works very well with no truely false positives (had a few were the senders IP address is on a blacklist) and about 1 false negative/fortnight. This is with spam messages arriving at around 100/day.
It works with my local Linux based mail server, not sure if it is possible to use in doze and just an email client.
Reply to
Dave Liquorice
I am happily in the same position (thanks Paul) My email server has Spam assassin. Works a treat. regards Roland
Reply to
Roland and Celia Craven

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.