Jump to content

Recommended Posts

I had a message from Ebay today, well at least it said it was Ebay. It was addressed to Ebay customer. Flag went up. Official logo and everything official looking. It said when I registered a few years ago I agreed to give a little info about myself, SSN, address, etc. etc. Another flag went up. When I wanted to look at the form they wanted me to fill out I had to sign in. That sent up an additional flag, because they would already know my screen name and password. Said if I don't respond in 48 hours my account will be terminated. Maybe Arnold bought Ebay!!

Link to post
Share on other sites

I have had that too. Several times actually. It is a scam to get your password. You were right to have those flags go up. Never ever give your password unless you are actually on the site. Be aware that there are numerous similar scams like that going on for paypal as well. So a word to the wise ...... be careful. smirk.gif

Link to post
Share on other sites

HWS,& Doug, as soon as you get one of those, forward it to spoof@ebay.com You will get a message from them thanking you and they will contact bob etc... I also get them asking for the same stuff from paypal. Forward this e-mail to spoof@paypal.com and you will get the same response from the real corps... This will help to end that thread, but I still get a "new" request about every 2-3 weeks. DO NOT REPLY TO THESE THINGS!!! Karl

Link to post
Share on other sites

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body"> Never ever give your password unless you are actually on the site. </div></div>

<span style="font-style: italic"><span style="font-weight: bold">...and YOU were the one who initiated the contact through proper channels you can vouch for personally!!!</span></span>

I too have had several of these phony eBay messages. I've also had at least two from <span style="font-style: italic">Citibank</span> requesting that I submit information updating my account. (Particularly interesting in that I <span style="font-weight: bold">have never had</span> a <span style="font-style: italic">Citibank</span> account!) In both cases the email came with a link to a site that mimicked the host site of eBay and Citibank quite well. However when right clicking on the link to check the IP address they weren't what they were pretending to be at all. Anybody out of a community college course can set up a web page that is identical to legitimate sites.

25 numbers can ruin your life if the wrong people attach them to you correctly. I use a phone whenever possible

Link to post
Share on other sites

You mean that your NOT supposed to log on through their link and "create" information off the top of your head?? ooo.gif I find it great fun to create screen names, creative birthdates, and fanciful social security #, and the access number to my "secret" Arruba bank account grin.gif

Bill

Link to post
Share on other sites

I always like how poorly written these E-mails actually are, as if they were not written by someone whose first language is English ("Your account is about to be terminated in the next 5 days.").

If you roll your pointer over any links on those pages, you'll see the page they're really redirecting you to at the bottom of your browser window (if you don't have it, go under VIEW-->STATUS BAR). It'll tell you what the link really is without you having to go there.

On the other hand, people foolish enough to fall for this probably shouldn't be operating anything heavier or more complex than a plastic spoon anyway...

Link to post
Share on other sites

You guys are much braver than I even opening those obviously fake messages, they could attach a keystroke reader to your site and then the real trouble would begin. Any legit notices from financial services come via USPS and want a written signature from you if it relates to your account status. Just hit delete on the browser message post and move on. Think how much time it would be reading all the Viagra ads and pleas from Nigerian widows and then financial scams to boot. Stude8.

Link to post
Share on other sites

"This is positively your last chance. Send $1.00 cash to --------. Offer ends soon."

That was actually an ad in a newspaper years ago and thousands bit. The electronic age has just made it more sophisticated.

And are you inferring that Viagra will not enhance the hard drive on my computer? grin.gifgrin.gif Will it help my floppies? confused.gifconfused.gif

hvs

Link to post
Share on other sites

While we all were enjoying the beautiful weather at Hershey this year, my E-bay account was tampered (hijacked?) and someone listed a special triatholon bicycle under my user name. Then they changed the e-mail address on the personal page. I think you can guess what would have happened: winning bidder contacts "seller" via new e-mail and settles auction perhaps thru Pay-pal which uses e-mail address. I was alerted because E-bay sent me the change of e-mail notice, a precaution E-bay places in case of something like this. They send notices when there is any change to your account. I ended the auction and E-bay cleared it up and possibly chasing the culprit. The IP address and subaddress are listed in the mails. The reserve the bicycle had was $3,900.

On another note, I'm happy to report my 1930 Lincoln took a Senior at Hershey. Ahhh the thrill of victory..........

Chris

Link to post
Share on other sites

Congrats on the Senior!

Just for my own peace of mind. On you account that was hijacked, would you say your password was one that was easily guessed or something difficult with numers and letters. How do you think they were able to access your account to make the changes? I understand you can't go into detail but I would appreciate any info that may help myself and others here to avoide the same situation.

Dan

Link to post
Share on other sites

Dan (56BuickSuper), The password was a combination of letters and numbers. The letters could have been guessed, but the combination of both.....unlikely. What I think happened was I got hit with a peice of spyware that may have been a keystroke reader. Since this occurred, I used Spybot, Ad-Aware6 and CW Shredder with complete success (so far). The lesson here is to change passwords often (30-60 days) and make them a series of letters, numbers, and special characters. US Army (my employer) policy is: at least 10 Characters, at least 2 lowercase, at least 2 uppercase, at least 2 numbers and at least 2 special characters. We need this kind of aggressive defense because you wouldn't believe what we get hit with on our servers and computers (like 28K hits per month). Unfortunately remembering this is tough, but try formulating it around things YOU are familiar with. Example, a guy likes menu item #32 sweet & sour pork with duck sauce at his local chinese food at Kyong T. Fat takeout: KYT-ssp$#32W/DS.

Chris

Link to post
Share on other sites

Thanks for the reply Chris, I appreciate your input. Sounds like you got this down to a science. If a person with your knowledge and experience can have their account stolen how much of a chance do the rest of us have?

The advice on the passwords is spot on. My employer has similar requirements and I try to do the same for my accounts. That was the reason I asked about your password. If your password had been something simple I would understand somewhat but knowing that it was more complicated just makes it scary

Dan

Link to post
Share on other sites

Lately there are a lot of different scams out there involving several online auctions. I had sold a car on Ebay a few months ago and when the guy came to pick the car up he was more then happy with it. Now after a few months I got an email from another company with an Ebay logo on the page stating that the buyer started a claim against me that the car was listed wrong requesting that I pay him over $1,000. After speaking to a few people I found that the scam is like a scare tactic that people are using to get money back off of the seller after they have already purchased the car. Needless to say they get deleted every time.

The second scam I heard of is where a person wins an auction and sends the seller a check for more then the item was and wants the seller to send the ballance to a third party for shipping costs but they want the money sent asap to speed the process up. Someone I know actually still has a check for $4,500 that was sent to him for a $2,000 car.

I guess you just have to be carefull so you dont get shafted.

Link to post
Share on other sites

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">

The second scam I heard of is where a person wins an auction and sends the seller a check for more then the item was and wants the seller to send the ballance to a third party for shipping costs but they want the money sent asap to speed the process up. Someone I know actually still has a check for $4,500 that was sent to him for a $2,000 car.

I guess you just have to be carefull so you dont get shafted. </div></div>

I've still got a $14,500 check someone sent me for my $10,500 Mazda Miata. The check was totally fake, but the faker was kind enough to put Wachovia Bank's real phone number on the back so I could verify that fact. And it went exactly like you said--he agreed to buy the car, said he would have a "customer in the US" (because these guys never live in the US) send me a check. Since the customer of his owed him more than he was paying for the car, I would refund him the difference after taking out shipping costs. A few days after the check arrived, he got very insistent that I send the car immediately and refund the difference because, after all, it was a CERTIFIED BANK CHECK and was therefore good immediately. Best of all, HE threatened to sue ME over it!

I play along for a while, curious to see what would happen, and keep stringing him along. I told him a few things, like I'd be having my brother drive the car to Florida where he would arrange shipping overseas, where should I send it? Or that I just got a new job with the FBI investigating Internet fraud, and that's why I haven't had time to arrange shipping yet, etc. Eventually the guy just gave up.

Dopes.

Link to post
Share on other sites
  • 2 weeks later...

To all:

It happened to me. I had to change my password in order to clear it up. Then I sent a scathing letter to E-bay asking how someone without my password can get into my personal page on their supposedly secure site and change my e-mail address. I also sent another more scathing e-mail to the person who now had my user id and his e-mail address and told him in no uncertain terms that the FCC would knocking on his doorstep sometime soon. I have not had a re-occurance since. There is another scam going on as well. If you sell a car on ebay do not indicate taking a cahiers check. if you do you will then get an e-mail from another, "not to familiar with the English language" person who is acting as an agent for several buyers one of whom is interested in your car. this person can get "only One' casiers check to cover purchase, shipping ad the "agents" fee. you then deposit the cashiers check thinking they are like cash, quickly send the agent his fee out of your account, and then a few days later find out that either the cashiers check was a phoney or a stop payment was issued right after it was made out, so now you are out the 'agents' fee.

Link to post
Share on other sites
  • 3 weeks later...

>>I play along for a while, curious to see what would happen, and keep stringing him along. I told him a few things, like I'd be having my brother drive the car to Florida where he would arrange shipping overseas, where should I send it? Or that I just got a new job with the FBI investigating Internet fraud, and that's why I haven't had time to arrange shipping yet, etc. Eventually the guy just gave up.<<

WATCH OUT.... someone I know got a fake check for a Camaro he sold via the mentioned scam. Deposited the check, bank was 100 percent sure it was a good check, two days later they call saying they want their money back. BAD THING IS THAT MY FRIEND GOT HIT WITH A $50 CANCELED CASHIERS CHECK FEE.

In other news the best thing to do if you get a email from one of these nitwits is to just forward it all to the abuse center for what ever domain it originated from... for example if it's from...

LarrysCars@bigfoot.com

Then forward entire message and headers to...

abuse@bigfoot.com

And usually the service provider will check into the email and close the account leaving the dipwad with a lot of emails sent and no way for them to find their way back.

Link to post
Share on other sites

<div class="ubbcode-block"><div class="ubbcode-header">Quote:</div><div class="ubbcode-body">You mean that your NOT supposed to log on through their link and "create" information off the top of your head?? ooo.gif I find it great fun to create screen names, creative birthdates, and fanciful social security #, and the access number to my "secret" Arruba bank account grin.gif

Bill </div></div>

This is not a prudent thing to do unless you are using an anonymous remailer to respond to their email, or you are entering the bogus data from a system that you will never, ever use to login to eBay or PayPal. The fact that you received an email means that they have your email address... and often your name. By replying directly to their email or logging into their system to put in 'fake' data, you may be giving them the third piece of information they need: Your IP Address. This then allows the Bad Guys to create a spoof contact to your vendor (eBay, PayPal, Bank, Investment Firms, Part Supplier, etc...) using your own data. This is most often in the form of a "Lost Password" request, and it can fool many systematic password replacement forms and many online Live Operator forums. Next thing ya know, you try to login but your password doesn't work.... trouble.

It may be fun, but it is not worth the risk if you do any trading or commerce online.

Link to post
Share on other sites

Last week I received five separate fake e mails saying they were from e bay or pay pal. I investigated the matter. The proper way to deal with it is to forward the message to spoof@ebay.com. Do not alter the subject line, just forward the message. The reply I received from eBay was the messages were false and they had been sent on the authorities. The reply from eBay was immediate. Regards, gvd.

Link to post
Share on other sites

One of the most common and easiest ways to get your personal info is with a browser hijacking. Browser hijacking programs are often attached to email or websites and you don't even need to open attachments to get them. They install themselves on your hard drive and start up automatically when you reboot your computer. Some of them will immediately redirect you to another website, browser or in some cases, a look-alike website like Ebay. You think everything is fine but when you log in you are actually logging in at a website thats stealing your info. Instead of getting into the normal site, you'll probably just get an error message, or the log in screen will just reappear and you'll keep trying to log on. Of course whats really happening is that your password and any other info is being sent to a remote system somewhere so someone can empty your bank account. Best way to avoid these problems is up front by maintaining adequare firewall protection. Spybot, CW Shredder, Ad-a-ware are all good at scanning and defeating these things once they get into your PC but you need to keep them updated and run the scans often.

Terry

Link to post
Share on other sites
  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...