Clever little E-Bay Scam I Fell For. :-(
Thankfully, I caught the scam and quickly changed my account information. I received an e-mail which looked just like a legitimate E-Bay e-mail to inform me about a private message. The text of the message was:
"Hi,
Is the item still available for sale? Let me know because I'm online and I can pay you right now.
Thank you,
welshdruid"
I had some items that were up for sale in the past month that never sold, so I clicked on the "reply now" button and signed in. After signing in, I saw that there were ZERO messages in my inbox. Hmmm. That seemed kind of funky. So I looked around a bit more and saw that there wasn't anything in there. I then got suspicious and went back to my e-mail. I hovered my mouse over each of the "buttons" in the e-mail and saw the following address:
http://e210196141084.ec-userreverse.dion.ne.jp/csvdata/D0004/joukyou/yoteihyou1.nda/signin.ebay.com/ws/eBayISAPI.dll/SignIn/index.html?MfcISAPICommand=SignInPowerSeller&siteid=0&co_partnerId=2&UsingSSL=1&ru=&pp=&pa1=&pa2=&pa3=&i1=-1&pageType=-1&userid=
The start of that address, ending in .jp, made me VERY suspicious. Figuring that I fell hook, line and sinker for that scam I immediately closed out of ALL open IE windows, opened up a new one and went right to www.ebay.com. I signed in and changed my password immediately. So while they may have my old password, it will not work. Be EXTRA careful and make sure that you don't fall for this one. It's well done and I'm going to try and figure out whom I should forward this to so these f*%kers can get raped.
I collect the elements on the periodic table, and some coins. I have a complete Roosevelt set, and am putting together a set of coins from 1880.
https://ebay.us/m/KxolR5
<< I'm just lucky that I noticed the "flaw" in the URL there. >>
Yeah, it only sticks out like a 100 foot flashing neon billboard.
Russ, NCNE
<< Forward the E-mail with headers to spoof@ebay.com. >>
Yeah, I contacted E-Bay's spoof department and gave them all the information they needed. They've responded and all is taken care of now.
http://1150207322 is a safe one that will take you to yahoo's main page. Would you guess that this is www.yahoo.com?
NSDR - Life Member
SSDC - Life Member
ANA - Pay As I Go Member
<< Thanks for the warning. >>
Folks, just don't click through for ANYTHING out of your email in box. How many times does it need to be said????????
New collectors, please educate yourself before spending money on coins; there are people who believe that using numismatic knowledge to rip the naïve is what this hobby is all about.
<< Folks, just don't click through for ANYTHING out of your email in box. How many times does it need to be said???????? >>
This can't be repeated enough.
My icon IS my coin. It is a gem 1949 FBL Franklin.
<< Yes, I could show a lot of obfuscation techniques that trip up people who think they are attentive. Here is one that very few IT folks are even aware of.
http://1150207322 is a safe one that will take you to yahoo's main page. Would you guess that this is www.yahoo.com? >>
Let's be clear about Phishing schemes... in *most* cases, clicking on the URL is NOT the problem. It is NOT noticing that the URL you clicked on is not the site you intended to go to in the first place.
Now, it should be said that within the last two years, the IE browser had several flaws that allowed attacks against your PC when you simply clicked on a URL, a phishing scheme or not. Those IE flaws have been patched and should not be a problem anymore.
If you want to be a little more safe, I would switch to the Mozilla Firefox browser. While no browser is w/o flaws, Firefox is years ahead of IE.
IE has been patched and will continue to be patched. MS Outlook is fundamentally flawed in how it employs and presents HTML content. For starters, there is absolutely no excuse for not having a status bar to immediately show a link you mouse over. HTML mail is bad in general. People have this misconception that if they are up to date on virus definitions and patches that there is no problem opening an HTML message. For starters, just opening some SPAM in HTML validates your address and instantly sends an effective read receipt meaning you will get more and more SPAM because of it. How do they do this? Simple. They embed an image, usually a non-existent 1-pixel image, in the HTML source. The name of it (or a silly query string postpended to it) identifies your email address and the specific SPAM campaign the email was part of. Sometimes it looks more cryptic or relates database pointers, but that is all there. So, this ends up in a web server log with a time stamp showing when you read it. Open it several times and you look like an eager consumer of that anatomical enlarger or similar goods or services.
Plain and simple, don't open email from sources you don't know. View the headers first for questionable ones. If they say they are PayPal and come from some DSL or residential cable IP, just delete it.
NSDR - Life Member
SSDC - Life Member
ANA - Pay As I Go Member
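The 1-pixel image described in the post above can be found by scanning a message's HTML for remote images before rendering it. This is an added example, not code from the thread; the sample message, the host `mailer.example` and the parameter names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample HTML mail body: one embedded logo, one 1x1 remote
# image with identifying parameters, one ordinary remote banner.
SAMPLE = """<html><body>
<p>Special offer inside!</p>
<img src="cid:logo@local" width="120" height="40">
<img src="http://mailer.example/o.gif?rcpt=user%40example.org&amp;campaign=0417" width="1" height="1">
<img src="http://mailer.example/banner.jpg" width="468" height="60">
</body></html>"""


class RemoteImageFinder(HTMLParser):
    """Collects every <img> whose source must be fetched from a web server."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        parts = urlsplit(a.get("src") or "")
        if parts.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        # A 0- or 1-pixel image is invisible to the reader but still fetched.
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        # Query parameters are where the address or campaign id usually rides.
        params = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
        self.hits.append({"host": parts.hostname, "tiny": tiny, "params": params})


def find_beacons(html_body):
    """Return remote images that are tiny or carry query parameters."""
    finder = RemoteImageFinder()
    finder.feed(html_body)
    finder.close()
    return [h for h in finder.hits if h["tiny"] or h["params"]]


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE):
        print(hit)
```

Any remote image fetch reaches the sender's web server log, so the plain banner is also a read signal; the function only singles out the ones built to identify the recipient.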
<< http://1150207322 is a safe one that will take you to yahoo's main page. Would you guess that this is www.yahoo.com? >>
That's a fun way to set up spoof pages. Just use a real URL for, for example, a news site, add @ and use one of your own IP addresses converted to decimal.
<< If we just changed to plain text emails, every email phishing scam would be dead in its tracks. >>
Yep.
<< MS Outlook is fundamentally flawed in how it employs and presents HTML content. For starters, there is absolutely no excuse for not having a status bar to immediately show a link you mouse over >>
Eudora rules.
Russ, NCNE
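The three disguises discussed in this thread (a brand name placed in the path, a host written as one decimal integer, and text before an `@`) all come apart once the URL is parsed and only the host is examined. This is an added example, not code from the thread; `inspect_link` and its finding labels are hypothetical names, and `news.example` is a constructed stand-in.

```python
import ipaddress
from urllib.parse import urlsplit

# URL from the original post, query string omitted.
EBAY_LOOKALIKE = ("http://e210196141084.ec-userreverse.dion.ne.jp/csvdata/D0004/"
                  "joukyou/yoteihyou1.nda/signin.ebay.com/ws/eBayISAPI.dll/"
                  "SignIn/index.html")


def inspect_link(url, expected_domain):
    """Return (real_host, findings) for a link that claims to be expected_domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []

    # Anything before '@' in the authority is userinfo, not the host.
    if parts.username is not None:
        findings.append("userinfo-before-host")

    # A bare integer host is an IPv4 address written in decimal.
    if host.isascii() and host.isdigit() and int(host) < 2**32:
        host = str(ipaddress.IPv4Address(int(host)))
        findings.append("integer-ip-host")
    else:
        try:
            ipaddress.ip_address(host)
            findings.append("ip-literal-host")
        except ValueError:
            pass  # an ordinary DNS name

    on_expected = host == expected_domain or host.endswith("." + expected_domain)
    if not on_expected:
        findings.append("host-not-" + expected_domain)
        # Brand name placed in the path or userinfo to look legitimate.
        rest = ((parts.username or "") + parts.path).lower()
        if expected_domain in rest:
            findings.append("brand-outside-host")
    return host, findings


if __name__ == "__main__":
    for url, brand in [(EBAY_LOOKALIKE, "ebay.com"),
                       ("http://1150207322", "yahoo.com"),
                       ("http://news.example@1150207322/", "news.example"),
                       ("https://signin.ebay.com/ws/eBayISAPI.dll", "ebay.com")]:
        print(inspect_link(url, brand))
```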
<< MS Outlook is fundamentally flawed in how it employs and presents HTML content. For starters, there is absolutely no excuse for not having a status bar to immediately show a link you mouse over >>
Right click, then view source code.
http://my.affinity.is/cancer-research?referral_code=MjI4Nzgz
<< Eudora rules.
Russ, NCNE >>
What Russ said...
<< You really should run spyware software in addition to an antivirus scan. I would check my firewall for program accessibility. If something is new to you in there then restrict access. I would also disable "remote logon", "remote registry", and "windows messenger" as these are frequently overlooked security issues and hackers use them all the time to gain access to computers. >>
Remote logon, remote registry and windows messenger were the first things I disabled/uninstalled when I put my computer together a few years ago.
It alerts you when you are on a fake eBay or Paypal site and even lets you know when you are on a safe one.
Not to mention a list of other features that make the ebay experience a lot more pleasant.
Check it out, it really works.
Just go to My Ebay, scroll down and look on the left side under Related Links, click on Download Tools, then Ebay Toolbar.