New (to me) internet phishing scam



bob ward
11-12-2007, 02:36 AM
I've just received 2 authentic looking ebay invoices, one to each of my 2 email addresses, for a legitimate ebay item which I have won without even bidding on it.

The scammer is looking for ebay names and passwords. When you click on "Pay Now" it takes you to an authentic looking ebay sign in page, except the URL at the top of the page is definitely not the ebay URL.

After signing in - in these cases my user name is usually eatsh*t and my password is gof**kyourself - you are dropped back at the item's ebay page. Item #330184599235 for those interested in handbags.

Quite ingenious in a sinister way. Presumably the scammer's goal is not so much the ebay log in info itself, but he/she would trawl through the passwords looking for people who use the same password for ebay AND PayPal. With dire results for your PayPal balance.

DickDastardly40
11-12-2007, 03:46 AM
This happened to me very recently, suspiciously also just after I'd 'sold' a Myford Super 7 to a hijacked account for smack on the reserve. The email in this case related to the PayPal payment info from the winning bidder, whose user name was different to the hijacked account. I did a similar thing with user name: bumtrumpet password: @rsetoffee

Ebay were straight on it before I could check out the other bidders on my auction and the listing disappeared before I could offer a second chance to the next highest bidder.:mad: They did refund the listing fee though.

I always check the url and for a padlock before entering any user data.

Al
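An added example, not part of the original thread: a Python sketch of the URL check described in the posts above, applied to a link copied from an e-mail before any credentials are typed. The trusted-domain list, the function name and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the only domains this reader signs in to.
TRUSTED_DOMAINS = {"ebay.com", "paypal.com"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link copied out of an e-mail."""
    parts = urlsplit(url.strip())
    # https only proves the connection is encrypted, not who runs the
    # site, so the host checks below still run when a padlock is present.
    if parts.scheme != "https":
        return False, "not https (no padlock)"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    if parts.username is not None:
        # Everything before '@' is login data, not the site name.
        return False, f"text before '@' is a decoy; real host is {host}"
    try:
        ipaddress.ip_address(host)
        return False, "host is a bare IP address"
    except ValueError:
        pass
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "internationalised host, possible look-alike"
    for domain in trusted:
        # Match the domain itself or a true subdomain, never a suffix
        # such as 'evilebay.com' or a prefix such as 'ebay.com.example'.
        if host == domain or host.endswith("." + domain):
            return True, f"host {host} belongs to {domain}"
    return False, f"host {host} is not a trusted domain"

# Constructed sample links (documentation-range IP, .example names).
SAMPLES = [
    "https://www.ebay.com/signin",
    "http://www.ebay.com/signin",
    "https://signin.ebay.com.account-check.example/login",
    "https://signin.ebay.com@203.0.113.7/login",
    "https://203.0.113.7/ebay/",
    "https://evilebay.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link))
```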

chief
11-12-2007, 04:41 AM
Any real eBay messages will be posted in the "My eBay" section of your account; if it isn't there, it is a scam. Same with PayPal: log on to the official site and check your messages.
BTW I won $820,000 yesterday in the world cup soccer raffle, I can get the money just as soon as I pay a $150 processing fee via credit card to some Nigerian dudes in the UK.

Doc Nickel
11-12-2007, 08:48 AM
I should point out that, as much fun as "replying" with bogus names and/or addresses is, it's completely pointless since there's almost never a human in that part of the loop.

If you were to "log in" with an authentic username and password, the scammer's system would first record that it got a "hit", i.e. some kind of response, indicating your e-mail account and/or eBay account is "live".

Second, it'll record the username and password, and almost instantly attempt to log in to your actual account. This is done automatically- and usually quite quickly- as the timeframe for this sort of scam is short, possibly as little as a few minutes.

If it gets a "hit"- a successful log in to an authentic eBay account- it'll first try to automatically change the password, hijacking your account.

If that works, the more sophisticated systems can automatically post auctions- typically for high-demand "buy it now" items like iPods and digital cameras.

Remember, this can all be done automatically- there's no human in the system once it's up and running, and all the scammer has to do is basically tell it where to send the money.

It'll also likely try the info on whatever PayPal account is attached to the eBay account, and again, if it gets a 'hit', it'll change the password, submit an account-change request, and drain whatever's in there. God help you if you have a credit card attached to the account.

And, thanks to the nature of the internet, it's not uncommon- in fact, pretty normal- for the scammer to be in Russia, the computer he's using for access in England, which operates "zombie" networks (infected personal computers) located in the US. A couple of wire transfers for the money, and it's essentially untraceable.

Don't bother replying to any scam like that. It's a waste of your time, and verifies your address as "live"- which is valuable information in and of itself. (Other scammers buy lists of 'known good' addresses on a regular basis, and for surprisingly big money.)

Just delete it and forget about it.

Doc.

Paul Alciatore
11-12-2007, 10:19 AM
That's why I always transfer any funds in my Pay Pal account to my bank account as fast as possible. I also use a completely different password for Pay Pal.

You have to be suspicious of anything on the internet.

RPease
11-12-2007, 01:25 PM
"You have to be suspicious of anything on the internet."

Do you think we need to start getting suspicious of this site?? Seems like we're getting lots of OT posts for a machining site..........LOL