I got nailed on e-bay on a Phishing Scam...........

[Cut-Throat]

I am fairly computer savvy, but I was 'taken' yesterday.

I was selling something on e-bay. I got an e-mail asking about how much the shipping cost would be. I clicked the respond link, which looked exactly like E-bay. I got a sign-in screen from e-bay (I thought) - It was not. I realized it, as soon as I keyed my E-bay id and Password.

This one was very Clever, every screen looked like E-bay.

Went to E-bay and changed my password immediately.

 

[Martha]

Oh man, the bad guys are getting more clever all the time.

 

[retire@40]

I can't understand how these scam artists get away with this. You would think it would be easy to follow the money to get to these guys. I don't know what the sentencing guidelines are for the crime, but if the monetary damages are high enough, I would think they could get 20 years for each count of fraud.

Do any of these people ever get caught?

 

[TromboneAl]

Are you aware of the irony here?

Trout: It looked exactly like a mayfly. I realized it as soon as I bit it.

Thanks for the warning. I'll try to pause a bit each time I'm about to enter my Ebay password.

 

[maddythebeagle]

Do any of these people ever get caught?

I suppose it is easy to do when you are in a third world country.

 

[ShokWaveRider]

This really get's up my nose. I email eBay's safe harbor department all the time sending the URLs of SO OBVIOUS SCAM auctions that have items posted that cost over $3000-$4000, asking like $800 only if you buy through their special email address as they do not respond t their official eBay address. I established a dialog via email with one and pretended I wanted to buy, they only accept Western Union a non reversable Payment meathod, and when I agreed finally to pay Cash and Pick the item up as I purposly chose a seller who was close to me, they said they were in Europe and could not accept a pick up delivery. By the way I did this a few times.

Man this is so easy to find if you write a piece of code to scan auctions, looking for embedded email addresses or web sites (which is not allowed by eBay by the way) but they do NOTHING. These auctions are up for at lease 3 days to a week. Maybe after about 6 emails from me they finally do something. But they are as proactive about this stuff as a used soap dish.

Check out Laptops..... take a look a search of T43P and check the ones that are $1 starting bid. I have given up. I am looking for a T43 but would NEVER get one from eBay.

Off Soap Box.

Swr

 

[nuisance]

I am fairly computer savvy, but I was 'taken' yesterday.

The easiest way to prevent this from happening is to never click on a link you get in an e-mail. Pretty much every company you might want to give money to online makes it quite easy to get to the relevant page from their main website (and Ebay is particularly good about this). So instead of clicking on the Ebay link, just type www.ebay.com in your browser's URL bar (or bookmark it to save yourself some typing).

Just about every week a new bug is discovered in some browser or other that makes it harder for you as a user to tell what website you're actually looking at, even when you remember to check after clicking the link. You can't count on your browser's display to be accurate in this.

Tim

 

[acg]

This is what I am worried about, too...as I posted a WARNING! just the other day: 

A program last night on CBC network is further warning folks on the recent E-Bay and PayPal vulnerabilities.

It got me thinking about the use of this forum and the $$$ opportunities for cyber criminal syndicates to access this site as a registered participant and open up vulnerabilities to get further info from FIRE's. There are very sophisticated criminals out there seeking info and personal information to then send phoney e-mail warnings from official looking internet banking site "copies" warning individuals that their personal security info has been breached and to simply "click" here to continue to get further urgent messages. Without thinking, folks are clicking and then bam, they get into all your personal on-line banking info!!! Scary stuff!!!

I am rather new to this site, and have been impressed by the quality and the content of the discussions, but exactly who is Dory, Martha, Laurence and all the "forum moderators"? For all we know, Martha could really be "Vladimir" who is part of a very educated and sophisticated crime ring in the Ukraine who sells and obtains lists of thousands of newly obtained credit card numbers for $2 each to someone in Al Qeida!!!

I am sure everyone will want to chime in...

But hey, we do not really know who we are speaking to!!!

 

[Cut-Throat]

The easiest way to prevent this from happening is to never click on a link you get in an e-mail. Pretty much every company you might want to give money to online makes it quite easy to get to the relevant page from their main website (and Ebay is particularly good about this). So instead of clicking on the Ebay link, just type www.ebay.com in your browser's URL bar (or bookmark it to save yourself some typing).

Tim,

You've obviously never sold anything on E-Bay! Hey, I've got a better idea, just don't use computers!

 

[Cut-Throat]

Are you aware of the irony here?

Trout: It looked exactly like a mayfly.  I realized it as soon as I bit it.

Thanks for the warning.  I'll try to pause a bit each time I'm about to enter my Ebay password.

I like it Al !!

I noticed that when I was posting it!

 

[Ginger]

I had to order flowers yesterday for a friend who lives in New York (I live way out in Southern California) -- so I am on the phone giving out my credit card information. Just makes me cringe giving out my c/c number. Makes you really wonder how long companies hold that paperwork info and who is taking down the credit card number.

 

[wabmester]

The easiest way to prevent this from happening is to never click on a link you get in an e-mail.

Yup, I'm with you on this one, Tim. I even take it one step further and simply don't use an HTML mail reader. Good old ASCII works great for any mail I want to read.

eBay gives you a web-based control panel (myEbay), so you never have to take an email link.

If there's a link you just can't resist taking from email, do two things first:

1) Look at the email header information in the mail. This will tell you which machine generated the mail, and it's usually a dead giveaway when some phisher generated it. Different mail readers have different methods for getting to the header info, but most of them should have this feature.

2) Copy and paste the link into your browser. HTML gives the phisher the ability to hide the URL under link text, so you'll want to directly examine the URL before taking the link. This is usually a dead giveaway as well, but it is possible to create obfuscated URLs that will look legitimate on the surface, so you may have to really stare at the URL for a second before taking the link.

 

[renferme]

Two weeks ago, I received an email, supposedly from Chase, saying that my account may have been breached, and that I should click on the link below, and enter my id and password.
When I clicked on the link, it brought up a screen that looked exactly like the log on screen for Chase, except for one thing. The http address was not from Chase.
So, I did not "log in" ; called Chase to report the fraud. Of course, they said "do not log on that site" and I didn't.
Moral: don't believe any emails that you receive; call the company to verify that the email is valid.
Ray

 

[BigMoneyJim]

I get lots of email that claims to be from eBay or one of several banks. I have an eBay account but haven't used it in a while, but I don't have accounts with any of the banks. PC user beware!

 

[JPatrick]

I had to order flowers yesterday for a friend who lives in New York (I live way out in Southern California) -- so I am on the phone giving out my credit card information.  Just makes me cringe giving out my c/c number.  Makes you really wonder how long companies hold that paperwork info and who is taking down the credit card number.

Some CC companies will let you use "virtual #'s" which are good for one use only.  So if someone gets the # from the flower company it is of no value.

 

[Ginger]

JPatrick, going to check that out and use next time I order over phone! thanks --

 

[Tadpole]

There is a very active ebay phishing attack going on. I have never used ebay or paypal. However, I went over to ebay one day to see what it was. Note I did not login or do anything really. That very week I received a phishing attempt which, unless someone can argue differently, must have been coincidental. I went to the ebay site and reported it and deleted the mail after some communication with them. They know about the problem. The attack came through a email address known only to my relatives. I received another last week and just deleted it.

MBNA has a feature that I like for dealing on the internet with credit cards. They will generate a fake credit card number for you that you can set to a maximum value and set a time limit that it is good. Since I always pay off the card each month, I don't mind the higher interest on this card.

 

[wabmester]

Discover also offers the one-time credit card number generator. I use it all the time for my online purchases.

eBay has become saturated with fraud. I can't even list something without getting an offer from Nigeria. And these bozos keep using the buy-it-now feature which forces me to relist and request a credit from eBay. Lots of fraudulent sellers on the site too. It's become a genuine black market.

 

[Sheryl]

I get those e-bay phishing expeditions frequently.

One that really had me going a few months ago was a ticketmaster scam.

Long boring story - but it was a case where they made something look very obviously like a confirmation that I had bought tickets I never bought - and offered links to click on.

Again - NEVER CLICK ON LINKS IN E-MAIL!

 

[nuisance]

You've obviously never sold anything on E-Bay! Hey, I've got a better idea, just don't use computers!

I've sold some stuff on Ebay, and buy from there fairly regularly. I admit I do click the links in e-mail I get from Ebay. I feel I know enough about e-mail and the web that I can safely do so. In fact I enjoy looking at the scammers' e-mails that make it through my spam filter to see what the latest tricks are. That said, I think the only safe advice to give to people who don't enjoy that kind of thing is to not click on links in e-mail you get. As wab said, just go to your My Ebay section where they've done an excellent job of collecting all the links you're likely to care about.

Tim

 

[ShokWaveRider]

Cut Throat:

I got exactly the same email you got today. I sent it to eBay, explaining it is getting ridiculous that so many scams are focusing on ebay.

I still get the feeling they are only interested in sending positive vibes to wall street to bolster their stock prices. From a software persepective, there is a lot more they can do. e.g. protect their logos from download, etc.

SWR