OT- Bit of ebay trickery

Posted to stationary engine/model engineering newsgroups, Oldengine.org and Atis (SEL)

I post this as a warning to everyone about a clever bit of skullduggery that came our way today.

Received an email, purporting to be from ebay, regarding an alleged breach of security and fraudulent use of my ebay account and user name. The email asked me to sign in and confirm my details and to fill in all the blanks on the form I would come to.

So far, a pretty ordinary scam email, but the clever bit is to come:

The url for signing in was the same as the normal ebay one, together with https:// at the front to show a secure signing in link. If you clicked on the link you would come to the standard ebay page with boxes for user name and password, and presumably further on it would ask you to confirm your credit card details etc etc:

formatting link
The url was in fact a graphic, not straight text, and if you held the mouse pointer over it, a different url would show up, with an IP address in the far east. So if you clicked normally you wouldn't see the different address, which was:

http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.php That IP is in the APNIC (Asia Pacific Network Information Centre) area, and I tracked it down to a School in South Korea.

It was a very clever bit of fraud, and one that me scratching my head for a while as I waiting for ebay to confirm it was a fraudulent email, which they did within 20 minutes. I didn't go to the url, I just reported it to ebay and then starting looking at how they did the switch of url's.

You have all been warned! :-))

Peter

-- Peter & Rita Forbes snipped-for-privacy@easynet.co.uk Engine pages for preservation info:

formatting link

Reply to
Peter A Forbes
Loading thread data ...

Yes,

Beware everyone...

Another one which works in some browsers (but not all) is...

formatting link
snipped-for-privacy@www.ashfieldfocus.com

Some of you will get Microsoft, some of you won't. (I think this feature has been trapped in the later versions of internet exploder.)

Another scam that is doing the rounds (my wife had an email with this one, I have been warned of it before, another client of one of my websites told me about it)

on my FOCUSPortals.com websites (for example,

formatting link
I have classified adverts as well as cars etc. The scam is to people selling stuff. Basically, the seller is sent an email from a potential buyer (from nigeria or some such location) saying they will buy the item and it will be shipped over to them.

I don't know how the scam works, but it is a scam.

My wife also received an email from Paypal (supposedly) telling her that her account would expire in 5 days unless she ran the enclosed application. She asked me first, but had already opened the email. The payload had saved itself to the harddisk (without being run) purely on previewing the email.

My email is now configured to not auto preview but I have the preview button in the tool bar so that I can quickly delete all the junk/virii without any web bugs knowing I have received the crap.

If anyone has any more info about these scams (or any scams) I would appreciate you mentioning it in my forums on my FOCUSPortals sites. I do try and do my bit, I put little messages in the emails that are automatically handled by my sites.

Best regards, Dave Colliver.

formatting link
Customise your internet experience
formatting link

Reply to
Dave

Hi all

I found this program to filter out the spam and the clever bit is it learns as it goes along and is FREE

formatting link
have no conection to the above site other than being a user of the program.

Chris

Reply to
chris

Peter I dumped Internet Exploder some while ago and moved to Mozilla Firefox. It runs a lot smoother, no popups etc and allows a good deal of customisation. One nice feature is a duplicated address bar under the standard one that actually shows what you are connected to. In the example you state it would have shown

formatting link
in the address bar but http://211.252.9.126/.secure/safeharbor.verify.ebay.com/login.phpIn the bar below. If the two bars don't match you exit as quick as possible but it won't download anything without consent.

-- Regards,

John Stevenson Nottingham, England.

Reply to
John Stevenson

I get the ebay scam messages every week. But what is the point? What does an infiltrator gain by getting into my ebay identity - other than a bit of mischief? Its not like I have money stashed away in ebay......

Adrenalin

Reply to
adrenalin

I think you would find that there would be credit card details involved, not just your ID.

Peter

-- Peter & Rita Forbes snipped-for-privacy@easynet.co.uk Engine pages for preservation info:

formatting link

Reply to
Peter A Forbes

In article , adrenalin writes

A favourite is to change your contact email (so you don't get notifications), then put some high value items up for sale in your name. People look at your feedback, see you are a nice, honest person, and bid for the item. They then send money to the scammer, who quietly disappears...

A very good reason why it's worth checking the kind of things an ebayer has bought/sold in the past before bidding.

It's also not unusual for people to use the same username/password on different systems, so getting your ebay password could let them into your PayPal account.

Matt

Reply to
Matthew Haigh

Send this stuff to

snipped-for-privacy@ebay.co.uk

and take a look at Ebay's own spoof info.

Reply to
Tim Christian

Now that's another very good reason (amongst many) why I don't go near paypal.

Charles

Reply to
Charles Ping

Even the most Machiavellian of scams and fiddles are let down by the perpetrator's inability to grasp the rudiments of the English language.

Most bona fide organisations manage to broadcast their announcements without spelling mistakes, grammatical errors, split infinitives, or the dreaded variegated apostrophe.

A quick assessment of the gravity of the "threat" will also provide clues as to the intentions of the sender. Last one I got from Paypal requested me to log in to my account in the normal way (no links provided) and then peform a series of validation steps via the existing menu structure - or else I would not be able to close my account at all! Scam emails usually insist that I enter my credit card details at the link provided or else lose all priveleges in this life and the next.

In a way I have a sneaky regard for some of these scams, I must get at least 2 or 3 Nigerian money-laundering rackets a week (one perp even replied with a "Thank You - please send details" to my autoresponder!). If there are enough greedy and stupid people out there to fuel this type of racket, then there will always be others who will prey on them.

Festina Lente

MARK

Reply to
Mark Pinkney

So a good spell/grammar checker should be able to pick up most spam - sounds like the basis for a useful product in there somewhere!

Regards, Tony

Reply to
Tony Jeffree

This thread seems to have brought out a few unfamilier names which is always welcome - come on guys, now you're here tell us something about your engine activities.

Reply to
Nick H

They're probably contributors from the other group to which it was cross posted.

John

Reply to
John Manders

I did wonder if there was some kind of 'reply all' function to cover cross posted threads, but the only options on outlook express seem to be reply to group or reply to sender.

Reply to
Nick H

Agent tells you that it was posted to n newsgroups, and then gives the option of posting to the current one you are viewing or to all.

I'll post independently next time.

Peter

-- Peter A Forbes Prepair Ltd, Luton, UK snipped-for-privacy@easynet.co.uk

formatting link

Reply to
Prepair Ltd

Ahhh. I see the reason now.

Incidentally, I would strongly discourage use of 'paypal' too. The costs are very high (and climbing steadily) currently 3.8% I believe which compares to my credit card facility at 1.4%. I also had the misfortune to claim under paypal (after being conned) and discovered that their guarantee is not worth the paper that it isnt written on. I just got messages back telling me that my claim was not covered - even though, clearly from the facts it was.

Adrenalin

Reply to
adrenalin

While we have heard lost of horror stories about both ebay and PayPal, over 6 years of trading with ebay and three years on PayPal we haven't had a single significant problem with either.

There have been those that have bid and subsequently walked away because they didn't realise we were in the UK and they were in the USA, that sort of stupid, but generally we have had mostly good deals with people and continue to do so.

In the main we have found most sellers and bidders to be quite normal folks and we have only had to leave one negative feedback point in that time, although we came close on a couple of others! :-))

We do buy a lot of items in the USA and find that generally they are far more practical about ebay matters than over here, and while other forms of payment are used, PayPal is the de facto method for most people.

Peter

-- Peter & Rita Forbes snipped-for-privacy@easynet.co.uk Engine pages for preservation info:

formatting link

Reply to
Peter A Forbes

I find it worthwhile to be VERY clear in my Terms of Business what you expect. Anyone buying anything from Yours Truly must expect to pay for it first and for their cheque or Money Order to clear though my account before despatch. No electronic means of payment no matter how secure, clever or convenient are acceptable to me.

If you say so clearly at the outset, only those who are prepared to deal with one in the specified way bid. It may cut down your options but I guarantee it is grief free!

Regards,

Kim Siddorn,

Reply to
J K Siddorn

The BAYES side of Spamassassin works like that, it looks at the message body and performs many checks on it. All the normal things like viagra etc but also the balance of HTML to text, what colours are used, "click here" etc etc.

I find it works very well with no truely false positives (had a few were the senders IP address is on a blacklist) and about 1 false negative/fortnight. This is with spam messages arriving at around

100/day.

It works with my local Linux based mail server, not sure if it is possible to use in doze and just an email client.

Reply to
Dave Liquorice

Reply to
Roland and Celia Craven

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.