Caution, phishing scam getting more sophisticated
notwilight
Posts: 12,864 ✭✭✭
Normally phishing scams are pretty transparent, often written in obvious ESL with generic terms because they are computer generated to a large number of ebay sellers. Today I got one that was customized and much more sophisticated.
1. It came to my email inbox. It looked like an ebay message (so far nothing new). However, it was a question about an expensive coin ($15.000+) that I recently sold and ended the auction. The question was, "I'm still waiting for your reply. Please tell me if you sold the 2008-W PCGS PR70 DCAM $100 American Platinum Eagle First Strike. Very Difficult. or not because i want to buy it. Thank you! Phillip" I clicked on the respond button and the login screen came up. Even in my early morning haze I didn't log in. I went to my ebay inbox and the question wasn't there.
2. I clicked on ebay user ID and feedback number in the email and they are legit!!! They take me to a real ebay member and his feedback. I looked at his feedback and he looks like a casual ebay buyer who doesn't buy anything expensive or any coins. My guess is the scammer picked his profile at random and linked to it. He probably doesn't even know.
3. I typed gibberish into the logon screen that comes up when I clicked the link to answer the question. The gibberish was accepted and I was directed to the real ebay site. So if you fell for the scam, it then spits you out on the real site so you don't know you've been phished.
I suspect the linked ebay ID has no idea his ID is being used. I doubt his account has been compromised. I sent him a message through ebay crafted to try to ascertain if he is involved but highly doubt it. I quit reporting phishing to ebay years ago but may report this one. Do they still have an email ID to forward these to? Wasn't it scam@ebay.com or something like that?
I haven't seen this level of sophistication before. Be careful out there. The gibberish test is always good if you think you're on a legitimate site but aren't sure. The legitimate site will say, "wrong user ID or password"; the phishing site will accept the gibberish.
--Jerry
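An added example, not part of the original post: a small Python audit of the links in an HTML email, showing how genuine eBay profile and feedback links can sit next to a "Respond" button that leads somewhere else. The sample message, the placeholder member name, the `example.net` host and the assumption that the login page was hosted off eBay's domain are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuine eBay; extend for regional sites.
TRUSTED_SUFFIXES = ("ebay.com",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(url):
    """True only for https links whose host is a trusted domain or its subdomain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    return parts.scheme == "https" and any(
        host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def audit_links(html):
    """Split an email's links into (trusted, suspicious) lists."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    trusted = [l for l in parser.links if is_trusted(l[0])]
    suspicious = [l for l in parser.links if not is_trusted(l[0])]
    return trusted, suspicious

# Constructed sample: real-looking profile/feedback links plus a fake reply link.
SAMPLE_EMAIL = """
<p>Question from <a href="https://www.ebay.com/usr/placeholder_member">placeholder_member</a>
(<a href="https://feedback.ebay.com/placeholder">57</a>)</p>
<p>I'm still waiting for your reply.</p>
<a href="https://signin.ebay.com.account-check.example.net/login">Respond</a>
"""
```

One off-domain link is enough to treat the whole message as hostile, however many of the other links check out.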
Comments
I just noticed that the ebay ID is similar to another ebay ID that recently bought a $1000 coin and hasn't paid. However, that buyer appears legit - has a feedback history of buying modern graded coins. I'll post here if there turns out to be a link. Right now I think it is a coincidence. --Jerry
<< Normally phishing scams are pretty transparent, often written in obvious ESL with generic terms because they are computer generated to a large number of ebay sellers. Today I got one that was customized and much more sophisticated.
1. It came to my email inbox. It looked like an ebay message (so far nothing new). However, it was a question about an expensive coin ($15.000+) that I recently sold and ended the auction. The question was, "I'm still waiting for your reply. Please tell me if you sold the 2008-W PCGS PR70 DCAM $100 American Platinum Eagle First Strike. Very Difficult. or not because i want to buy it. Thank you! Phillip" I clicked on the respond button and the login screen came up. Even in my early morning haze I didn't log in. I went to my ebay inbox and the question wasn't there.
2. I clicked on ebay user ID and feedback number in the email and they are legit!!! They take me to a real ebay member and his feedback. I looked at his feedback and he looks like a casual ebay buyer who doesn't buy anything expensive or any coins. My guess is the scammer picked his profile at random and linked to it. He probably doesn't even know.
3. I typed gibberish into the logon screen that comes up when I clicked the link to answer the question. The gibberish was accepted and I was directed to the real ebay site. So if you fell for the scam, it then spits you out on the real site so you don't know you've been phished.
I suspect the linked ebay ID has no idea his ID is being used. I doubt his account has been compromised. I sent him a message through ebay crafted to try to ascertain if he is involved but highly doubt it. I quit reporting phishing to ebay years ago but may report this one. Do they still have an email ID to forward these to? Wasn't it scam@ebay.com or something like that?
I haven't seen this level of sophistication before. Be careful out there. The gibberish test is always good if you think you're on a legitimate site but aren't sure. The legitimate site will say, "wrong user ID or password"; the phishing site will accept the gibberish.
--Jerry >>
forward it to spoof@eBay.com
Someone had been trying to steal my credit card identity lately. They have tried twice to set up an account with some HP vendors. They don't have enough of my info, but the 2nd attempt had more info than the first attempt. Like notwilight says, be careful out there.
I knew it would happen.
Once the whole thing got undone, I shortly thereafter cancelled my eBay account and got out of there for good.
Gmail offers a setting under "labs" that marks authentic ebay and Paypal emails with a key. I have never received a fake ebay or Paypal email in my inbox anyway with Gmail, but it offers another layer of protection.
Second, if you go to the real ebay login page, any modern browser should show a green bar, area or something around the address and say ebay inc. [U.S.]. If you don't see that, it's not real.
Also, very basic, doesn't every ebay email put your username in it? If you don't see that, it's fake too.
In God We Trust.... all others pay in Gold and Silver!
This goes for out of the blue email from friends as well. Check everything since a hacked email account reveals addresses and literally anything can be spoofed.
The name is LEE!
<< Spoof@eBay.com >>
jot it down and send it there. best advice