Ebay Scam: The Trickiest Spoof I've Seen

This is the trickiest spoof I've seen.

Note that the Item number is correct - and I am selling it. Ignore the faded out button, I'm running a utility and the SnagIt capture also caught that.
So how do I know that it's fake?
When I hover the mouse over either the item# or the respond button, I see this in the status bar at the bottom of my Firefox browser:

Now I don't trust anything I get from anybody these days. When I receive an email, I immediately assume it's bogus, a scam, or spam. Unfortunately, that's because most of the email I receive fits one of those categories.
I've received spoof emails before claiming to be from buyers, along the lines of "I didn't receive the shaver you sent last month blah blah blah," when I know exactly what I sold - or bought. But this method of spoofing is the trickiest I've seen so far because it directly pulls data from a current listing - one that didn't even exist 4 days ago.
I've forwarded it to Ebay, so I'm sure they will spare no expense to track the culprits down.
PS: I loved the New Jersey bit, especially since I make it clear that I ship worldwide. I've always thought New Jersey was on another planet...
PPS: Note that the URL redirects to the Ocean University of China. However, I noticed that the URL on the sender ID appears to be a legit Ebay URL. Given the Chinese government runs one of the most effective "black hat" hacking operations in the world, I'm less surprised by the apparent sophistication of this scam.

Comments
Do you have the bumper sticker, "The Marines already have their Few Good Men... Navy Medics"?
Given that my stepson is a Marine, the wife is Ex-Navy, her bro is ex-Coastie and my dad was a master sergeant in the Army, I'm all for boosting the morale of all services (the Kid wants to join the Air Force. Given his PS2 and Nintendo skilz, I'm sure he could handle a Predator well enough to send a hell fire missile up some terrorist's butt somewhere...)
<< Good detective work, They'll try and try again ehh?
Do you have the bumper sticker, "The Marines already have their Few Good Men... Navy Medics"? >>
That Navy Corpsman, dammit
Check out the headers to see where the message came from.
WTB: 2001 Leaf Rookies & Stars Longevity: Ryan Jensen #/25
<< They managed to locate your Ebay ID and your email address. Can you even find a seller's email address on ebay w/o buying something from him first?
Check out the headers to see where the message came from. >>
Here's the header info. Looks like it came from within Ebay...
Return-path: <member@ebay.com>
Envelope-to: scott@therazor.org
Delivery-date: Thu, 08 Feb 2007 10:03:58 -0500
Received: from therazor by cpanel.bso1.com with local-bsmtp (Exim 4.63)
    (envelope-from <member@ebay.com>
    id 1HFAoT-0007IC-KB
    for scott@therazor.org; Thu, 08 Feb 2007 10:03:58 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on cpanel.bso1.com
X-Spam-Level:
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_50,DNS_FROM_RFC_ABUSE,
    FORGED_RCVD_HELO,HTML_MESSAGE,MIME_HTML_ONLY autolearn=no
    version=3.1.7
Received: from [207.226.174.50] (helo=smtp05.ebey.com)
    by cpanel.bso1.com with esmtp (Exim 4.63)
    (envelope-from <member@ebay.com>
    id 1HFAoT-0007I2-GC
    for scott@therazor.org; Thu, 08 Feb 2007 10:03:53 -0500
Received: from smtp05.ebey.com (smtp05.ebey.com [127.0.0.1]) by
    smtp05.ebey.com (8.13.4/8.13.4) with ESMTP id 6475253080 for
    <scott@therazor.org>; Thu, 8 Feb 2007 15:03:50 +0000
Date: Thu, 8 Feb 2007 15:03:50 +0000
Message-ID: <20070208030749.6475253080@smtp05.ebey.com>
To: scott@therazor.org
Subject: Question for item #150089835863 - 1971 Topps Baseball - 130 Cards
    VGEx-EX Lot
From: "eBay Member: k.stevens94" <member@ebay.com>
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Status: R
p.s. i am completely disgusted with the chinese government endorsing this kind of crap. as well as all the counterfeits of pretty much everything to boot. the copyright infringement is abhorrent. i am not prejudiced as my sister adopted a little chinese girl and i think that is wonderful. but the government is a total loser organization. they copy everything while wanting to be a world leader. you have to lead not copy --to be a leader. our fathers and grandfathers shed their blood during the second world war to save their butts. ungrateful punks
No doubt these vermin will keep trying, and attempting new techniques and tricks. We just have to hope sooner or later, hopefully sooner, they get what's coming to them.
The Chinese we fought for during World War 2 are the ones that fled to Taiwan after the Communist Revolution of 1949.
The Wife's uncle and my bro-in-law are Korean War vets: they fought against soldiers from the current regime.
The Chinese government views the United States as its sole adversary in the world. Apparently our government and especially our businesses don't take the Chinese threat seriously. Take the "North Korean" problem. If China wanted the problem resolved it would be over immediately; we'd wake up and discover that Kim Jong-il wasn't so "ronery" anymore. He'd be laying alongside Daddy in the Mausoleum in Pyongyang.
That said, yes, that's how I figured out it came from Ocean University. The server there has an open port (8081) that allows responses through the firewall. Once through they are directed to a signin page that is probably a clone ripped from the signin page at Ebay. They would collect my username and password on that page.
<< Received: from [207.226.174.50] (helo=smtp05.ebey.com) >>
Ebey? Spoofed and misspelled server name. IP address 207.226.174.50 belongs to an ISP based here in the US, and is likely getting used remotely as a relay to send this crap out.
I'd venture to say you were targeted.
I guess the "phishermen" are resorting to stalking now.
Edit to say:
It might not even be a sinister Chinese plot at all. Someone might be using a hacked server in China to collect the info, hoping that Chinese law enforcement wouldn't be very responsive to a US law enforcement request for server logs, and thus, ending the trail.
WTB: 2001 Leaf Rookies & Stars Longevity: Ryan Jensen #/25
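Added example, not part of the original thread: the "ebey" check made in the comment above, done in code. It compares the sender-supplied host names (the HELO name and the Message-ID domain) against the From domain and flags near misses. The function names and the distance threshold of 2 are assumptions chosen for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers posted in this thread.
RAW = """\
Return-path: <member@ebay.com>
Received: from [207.226.174.50] (helo=smtp05.ebey.com)
 by cpanel.bso1.com with esmtp (Exim 4.63)
Message-ID: <20070208030749.6475253080@smtp05.ebey.com>
From: "eBay Member: k.stevens94" <member@ebay.com>

"""

# Exim's "from [ip] (helo=name)" form: the name is whatever the client announced.
HELO_RE = re.compile(r"from \[([0-9A-Fa-f.:]+)\] \(helo=([^)\s]+)\)")

def org_domain(host):
    """Last two labels; a simplification that ignores suffixes such as co.uk."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_headers(raw, max_distance=2):
    """Flag sender-supplied host names that nearly, but not exactly, match From."""
    msg = message_from_string(raw)
    claimed = org_domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    hosts = []
    for rcvd in msg.get_all("Received", []):
        m = HELO_RE.search(rcvd)
        if m:
            hosts.append((f"HELO from {m.group(1)}", m.group(2)))
    msg_id = (msg["Message-ID"] or "").strip().strip("<>")
    if "@" in msg_id:
        hosts.append(("Message-ID", msg_id.rpartition("@")[2]))
    # An exact match (distance 0) is not flagged, but proves nothing either:
    # both values are supplied by the sender.
    return [(where, host, f"lookalike of {claimed}")
            for where, host in hosts
            if 0 < edit_distance(org_domain(host), claimed) <= max_distance]

if __name__ == "__main__":
    for finding in check_headers(RAW):
        print(finding)
```

A small threshold matters here: short domains sit within a few edits of many unrelated names, so a larger distance would flag ordinary mail.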
<< I'd venture to say you were targeted.
I guess the "phishermen" are resorting to stalking now. >>
Wow. Thanks for the research.
I find it ironic that for all their technological prowess, they failed to realize that New Jersey is not foreign shipping. Next to the status bar stuff, that's what really tipped me off - especially since I can see that fine state from my backyard.
Best,
Jim
Everything else...paypal, amazon, online banking, online brokerage...not a problem in the world. Maybe once every 4-6 months I'll get a paypal spoof mail.
It'd be scary if ebay was an online bank, wouldn't it?
<< I think it's interesting that 99% of the problems I have online are related to ebay. Spoofs, re-setting password, etc.
Everything else...paypal, amazon, online banking, online brokerage...not a problem in the world. Maybe once every 4-6 months I'll get a paypal spoof mail.
It'd be scary if ebay was an online bank, wouldn't it? >>
Banking scams are actually far worse overall out there. I get about ten e-mails a day from bank/credit card phishers.
Agree, anytime I receive an email from eBay, the first thing I do is go to my messages on eBay. I always reply back using eBay, even if I know the buyer or seller.
Thanks