Slashdot Mirror
eBay Customers Targetted by Credit Card Scam
hether writes "Customers of the auction site eBay have been targeted by a site called ebayupdates.com. The site attempts to steal credit card details from eBay's 55 million customers. The SANS Institute Internet Storm Center issued the warning on this one. Info about the scam can be found on the BBC site, CNN, CNet, vnunet, and more.
Funny enough there's no mention of this on the eBay site..."
And I was about to start buying things from ebay. Thank you slashdot...
eBay credit card scams are not new. I've received half a dozen of them in my spambox. Strangely enough, they were all addressed to the email-address I only use for eBay. What a strange coincidence.
While trying to retrieve the URL: http://www.ebayupdates.com/
The following error was encountered:
Unable to determine IP address from host name for www.ebayupdates.com
Sounds like they've mentioned it on the website to me.....
WHOIS Record:
Domain Name.......... ebayupdates.com
Creation Date........ 2002-12-06
Registration Date.... 2002-12-06
Expiry Date.......... 2003-12-06
Organisation Name.... Tred
Organisation Address. 1742 BOLTON VILLAGE LANE
Organisation Address.
Organisation Address. NICEVILLE
Organisation Address. 32578
Organisation Address. FL
Organisation Address. UNITED STATES
Admin Name........... Eulalia Bergenthal
Admin Address........ 1742 BOLTON VILLAGE LANE
Admin Address........
Admin Address........ NICEVILLE
Admin Address........ 32578
Admin Address........ FL
Admin Address........ UNITED STATES
Admin Email.......... qspam52@aol.com
Admin Phone.......... 713-552-6332
Admin Fax............
Tech Name............ YahooDomains Techcontact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domain.tech@YAHOO-INC.COM
Tech Phone........... +1.6198813096
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
Also...
does nobody read articles anymore?
Would help if ya did before you slagged off ebay for not encrypting CC numbers
I have created a database of people ripped off by these ebay scams. if you think you are one of them, please send your name, address, and credit card number with expiration date to ebayscam@scamalert.com Let's get to the bottom of this scam!
=If life was easy, i would be out of a job=
Perhaps if you'd read the article instead of trying to get an early post, you'd know that the numbers aren't stolen - the site, ebayupdates.com, fools people into thinking that they are affiliated with the real ebay.com, and asks them to re-enter their financial information. It has nothing to do with credit card databases or encryption - just new take on a tried and true con that has been around for probably centuries.
Read the article. The card numbers were not stolen from Ebay, rather tricked from customers directly. This is a social engineering scam, and there's nothing really the Ebay could do to prevent it. Any site could have their identity ripped off by someone pulling such a scam.
Does nobody read the articles anymore? =)
This is not about eBay's security. It's about a spam scammer that tricks users into going to a third party website and reenter their credit card details.
Though, I'm sure the scammer encrypts all credit card details, in order to protect the customers. =)
The information was stolen by getting users to go to a site that LOOKED like an eBay site and get them to give that site the information directly.
Just the usual victimization of the stupid. Most people apparently didn't fall for it and just notified eBay of the scam, and the scamming site was shut down in short order (I believe it's been down at least a couple days now.)
Good to know internet consumers are gradually getting less gullible.
paintball
You haven't read any of the articles, have you ?
A couple months ago I received an email notifying me that eBay was updating its records and needed me to re-enter my user and credit card information.
The site was at http://www.cgi5-ebay.cc/eBayISAPIdll/signin.html. Obvious to any experienced computer user as a scam.
But since I was sure unsuspecting users may be duped, I decided to do something about it. I contacted the service provider, A Plus (aka Abacus), informed them of the scam, and requested that they shut it down. Within an hour the site was offline.
Too bad I didn't submit this to news wire services. Oh well.
Problem: Credit card theft by a scam artist web site.
/.ing the slimey bastards til their servers cry out for mercy.
/. for using their powers for good instead of evil (this time). Hey, someone start submitting stories with links to riaa.org.
Solution:
Kudos to
There prolly was a week ago when the news broke about it though.. check web-caches and the like. That or edit the story to begin with "You probably already know about this, but..."
Even if it was about stealing the database content your solution would fail since there had to be a way to decrypt the numbers. So "impossible" is a little too optimistic.
Hm. That domain isn't on the whitelist for the email address I give out to likely-to-deluge-me-with-spam outfits. Such as ebay. So maybe I got it. Maybe not.
I keep hearing about the "death of email" because of spam. It's really not hard. Pay for a respectable email address and don't give it to *anyone*. Create forwarding addresses that you give out. Apply whitelists to the address(es) you use for commerce. Apply blacklists (or actual spam filters) to the addresses you use for friends, family, etc. Every few weeks I go through the ~1000 emails that got filtered out on the odd chance they're not spam, and delete them. It doesn't take an hour a day - it takes more like an hour a month.
High-speed Road Trip (18.000KPH)
Hrm, seems like the friendly mac people will have their hands full now that it's widespread... Maybe we should let cnn know that the mac users can track down their fiend and get them intel and stuff.
1 2/ 2113222&mode=thread&tid=107
http://apple.slashdot.org/article.pl?sid=02/12/
01:36AM up 426 days, 2:46, 1 user, load average: 0.14, 0.11, 0.05
Citing intellectual property violations, Amazon.com quickly filed a lawsuit in reaction to ebayupdate.com's new website.
"The one-click credit card number stealing algorithm employed by ebayupdates.com is a clear violation of amazon.com's one click transaction patent," said amazon.com CEO Jeff Bezos in a statement. "Let this be a message to other sites like ebayupdates.com: Amazon.com will not tolerate one-click theft."
When reached for comment, an amazon.com spokeswoman clarified that amazon.com would not take action against a process that used at least two mouse clicks.
paintball
The information was stolen by getting users to go to a site that LOOKED like an eBay site and get them to give that site the information directly.
CNN is reporting: "HUNDREDS FOOLED AS EBAY SCAM STORY IS POSTED TO FAKE SLASHDOT SITE". The article goes on to say, "Many SlashDot regulars looking for easy karma were duped into posting their carefully crafted trolls and comments to a fraudulent site set up at http://brak.slashdot.org/ officials said early Friday morning. CmdrTaco has been unavailable for comment."
moto411.com
Maybe you are thinking of the paypal scam that was exactly the same deal; very legitimate looking pages:
http://www.msnbc.com/news/837882.asp
If you check out the safeharbour forums on Ebay, this is not a rare occurance. There are many scam sites and spam emails which try to socially engineer credit card info and passwords from Ebay users.
I really don't know why this particular instance was picked up by the big news corporations....
-- 7 string electric violin + live loop samplers
In Soviet Russia, article reads you!
There may have been something else more specific on the main page, but this page is all that seems to be left.
Sex - Find It
I've seen four charges from eBay.com on my c'card in the last 5 months.... I have never, ever used eBay for anything...zero. I contacted eBay and they promised to halt the activity and reverse the charges...no action. I went to my Bank...they refunded the monies and cancelled the card. They told me eBay stole the money and they helped me file a complaint with the c'card company.
I remember back in the days when AOL didn't have unlimited accounts people would phish for credit cards.
Telling someone that service X has lost their credit card information probably has the same hit rate of any other spam, 1-2%. It doesn't take much to make a lot of money off of stupid people.
That theory worked years ago, and it still works today. The way I see it, 1 of 2 things needs to happen for this to stop.
1) Greedy people have to develop some ethics
or
2) People have to become less stupid
Experts predict that either one could happen around, oh, never.
Thank you Mario! But our princess is in another castle!
It's quite common for a company not to mention defects or security problems related to their site. (Note: in this case, the problem is not with ebay's site, but with one that looks similar.)
Not even slashdot is immune to this. Consider for example, the recent security problems as sourceforge where every project hosted at sourceforge was subject to arbitrary attack because of database administration problems. For example, see the thread about the squirrel mail list logs, detailing how their site was hacked because of lax SF.net administration. According to the squirrel mail developers who got hacked, it was because:
For all we know, this may still be the problem with SF.net, which has said one word about the breakin, or whether all that source code on SF.net was trojaned.
This story has been all over IRC, news groups, lists, and elsewhere. But
I don't bring this up to bash slashdot. (It gets enough bashing by others--some of it deserved, some of it just from trolls.) Rather, my point is to illustrate that it's quite common for security problems to be reported by other, outside entities, and not the damaged or affected party themselves. This is just one more reason we need neutral avisory bodies!
just new take on a tried and true con that has been around for probably centuries.
Yup. Getting people to offer up their credit card numbers has been around for centuries.
The Spanish and English coming to North America and STEALING the American Indians' land? Nope -- they got them to offer up their credit card numbers and then purchased the land fraudulantly.
The Soviets STEALING the soverignty of Eastern Bloc nations? Nope -- they just got them to offer up their credit card numbers...
Don't even get me STARTED about the 2000 election...
(Its all a joke, folks, relax.)
I would have to say that explosives are the most abused technology in all of history.
I just got an identical scam pertaining to PayPal. I was directed to enter info into PayPal scam site
$ host ebayupdates.com
Host ebayupdates.com not found: 2(SERVFAIL)
I get the whois record just fine, though.
Yet another publicly sponsored Denial Of Service attack by slashdot.
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
These are one of the oldest social engineering scams in existence...
They've been used on AOL subscribers (we are updated our database! Email your login/password to this address to ensure uninterrupted service), and even (legitimately) by sysadmins to check on the cluefulness of their own users... see how many ppl will Email you their login/passwords.
That mantle of authority/legitimacy is a powerful psychological tool... provides a lot of social control in some arenas. But I'm not saying it's always good... when people are trained/socialized to listen and not ask questions at all... well... you get victimized by stuff like this. Not to sound like a bumper sticker, but "question authority" is pretty good advice sometimes.
A little bit of cynicism and skepticism go a long way, particularly on the 'Net.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
That way the CC number cannot be cracked even if the database is broken into, and ebay only needs to send the MD4 over to the banks for them to process. As I said, it's a perfectly common practice and well known to people who bother to learn about security rather than just guess at it.
I got one of these emails in which they claimed that eBay has lost some information and needed me to go to some website and fill in some information about my self.
I never got that far, SpamAssassin stripped out the HTML and exposed all the real URL's.
I forwarded the email to eBay.com but I've never heard anything about it. That was before Thanksgiving or earlier. I didn't keep the original email, it served no purpose to me anymore.
I don't think I've ever seen a discussion here on /. that has spawned so many AC posts. I was going to try and moderate here, but DAMN!
Now to get myself back on topic. If you use a credit card on ebay, you're insane. Every time I deal on ebay, I only use postal money orders. Period. It's no big thing to go to your local post office to get/cash one. Unless some idiot is counterfitting things, it's the most secure way I can find to do business on an auction site. And it's not like it's a big pain in the ass, either. Every town has a post office. If it doesn't, the next town over probably does.
It basically boils down to the fact that these are issued by the government. You'ld have to be insane to want to commit fraud when dealing with PMOs. You either have balls the size of Alaska or a brain the size of the period at the end of this sentance. Using a credit card on ebay is like saying "Hey. Take my valuable information, please!"
Sites like ebay should also provide an easy-to-access list of 100% trusted partner sites. Just because an URL contains the name "ebay" in it doesn't mean it's alright. Let's face it: apart from we ubergeeks and a small percentage of the non-geek population, most people are just dumb as rocks when it comes to dealing with anything on the net, let alone any form of e-commerce. It should fall upon sites like ebay to educate their users, even just a little bit.
Blog Prophyts - Right On, Man
Subject: Private Finishing School
Dear Fathers
Are you tired of the poor educational facilities provided by the public school system? We all are, aren't we? This letter is to notify you that your daughter has been chosen as a potential candidate for out newly instituded "Hey'little-mama-whasssssUP" Finishing School in the heart of downtown Chicago.
All that is required for your daughter to register and to begin classes for the next semester is for you to provide her with the nominal entrance fee of $500 US and provide her with a one-way bus ticket to her destination, the central Chicago bus terminal. We will provide all other necessities, clothing included, as we have strict uniform regulations.Our school's directors, Cooldad and Madame Thathing will be on hand to greet all new arrivals between Sept. 1 and Sept 7.
Yours
Nathan Coolodad
Madame Cynthis Thathing
Rien n'est plus beau que le creux du 0.
With a pause and a cough Error 808 continued on in his conversation with Trollaxor. "My mom suggested I fly home but there will probably be nothing to do. I'd be better spending the money on Transformers," he stated in monotone. Trollaxor's muttering could be heard on the speaker of Error 808's custom-built celphone, which had been a gift from Trollaxor long ago. Suddenly Error 808 interrupted the voice on the other end.
"Hey I have to get going. I'll talk to you later," Error 808 muttered, and then quickly ended the transmission, looking at the phone's LCD screen with a gleam in his eye: Call Duration: 00:59, it blinked at him. He had just one second to spare before he would have been charged for another minute of phone use. But practice thru the years had made Error 808 too sharp to fall prey to the phone company's scams. He smiled as he replaced the phone in the breast pocket of his courderoy shirt.
Swinging in his chair to face his Bondi iMac's computer screen, Error 808 returned to doing what he did best: littering eBay with his false bids and fooling the innocent with empty promises and auctions. Seeing a new auction posted in the Transformers section, Error 808 squealed with delight as he read its description and saw the snapshots: a full OB (Out of Box) collection of the Predacons, complete with 12 extra feet (usually a $600.00 value), starting at a measly $70! And no reserve to meet either! Error 808 wasted no time in bidding on this delectable transforming rarity. Predaking would be his, he thought, and he could sell the 12 extra feet for their full value... covering expenditures and turning a profit.
Error 808 was a troll. Not a typical Slashdot troll, however. Not that there is just one kind of troll on Slashdot-- but, to speak taxonomically-- placing all of Slashdot's troll species into one or two or even three genus would be possible, while Error 808 would fall only into a common family, he and his kind sharing a separate subfamily from other trolls. Such an eBay troll was he that he could auction things off before he owned them, such as when he auctioned business.com for $1,000,000.00 US just seconds after he actually owned it, or the time that he auctioned the rights to he and his wife's organs in the event that one or the other died. Error 808 was not married.
Yawning and stretching, Error 808 looked at his iMac's platinum menu bar's clock, and groaned. He'd stayed awake for too long again, and was late for getting to sleep. Removing his clothes and tossing them randomly about his apartment, he put his Bondi iMac to sleep, hoping it wouldn't crash before he returned to it next, and made his way to the kitchen, where he sought out sustenance.
Opening a cupboard and spotting a box of Life cereal, he immediately took the box and plunged his hand deep inside, fisting as much of the dry cereal into his hand, and subsequently into his mouth, as possible. Crumbs and flakes fell all over his bare chest and the floor around him; even the hair on his legs caught a few flecks of the healthy, milkless cereal.
Having filled his belly with granular goodness, Error 808 now made his way to his bedroom, rife with the odor of stale, unwashed, sweaty clothes (of which a giant heap layed in the middle of his floor) and fell back onto his bed. His PSX console lay paused just as he had left it last time, over an hour ago. The console looked like a technological Frankenstein's monster: with the case torn off, the bare metal chassy of the PSX revealed the various mod chips, purposefully shorted wires, and different RAM expansion and ROM hack cards stuffed here and there. With a look of sublime ecstacy on his face, Error 808 unpaused Final Fantasy VIII and rejoined the quest that he'd been playing almost non-stop for the last 72 hours. Feeling a bit cold, Error 808, with one arm, pulled on a Transformers robe he'd had since the mid-80s. Finally comfortable and content, Error 808 didn't realize he was dozing off.
And so Error 808 fell asleep, not having paused his Final Fantasy VIII game, his characters jumping and looking around routinely for the rest of the night in silence, the pallid glow of his television casting a pale glare on his lifeless form.
We got a whole load of bounces from someone sending bogus account info to one of our domains that redirected people to an AOL scam site
http://aaaupdate.g2gm.com/index.htm
Mind you, I complained to AOL etc and they just ignored it all.
The slashdot audience helps fighting crime
By Ebay! Read all about it!
in fact this is the second such site in two weeks, MSNBC and the BBC both carried these earlier (MSNBC last weekand the BBC early this week)
If Slashdot is just now getting to this, why bother? I would hope that the users are informed enough already to catch this kind of thing for one as well as reading the mainstream news.
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
Good for us we slashdoted the hell out of them, that will teach them, and I'm sure a visit from the FBI will end this.
What does Intel have to do with Mac users?
You can have it fast, accurate, or pretty. Pick any 2.
Now, if somehow fraud was to increase quite dramatically, then you might see this change.
You know it makes sense.
US phone numbers are in the form of 3 digits for area code, 3 digits pefix, 4 digits number. So 800-555-1212 would be a valid US phone number (that one gets you 800 directory information). In the area code 800, 888, 877, and probably a couple other are for toll free, 900 is for toll calls, 700 is phone company type things. Normal area codes are something like 602. In teh prefix field 555 is reserved and only really used for information.
US SSNs are 9 digits long and are normally seperated as such: 123-45-6789.
I guess the thing is slashdotted or perhaps the "proper" authorties are taking action on it.
damn, I wanted my credit cards to be raped and pillaged.
There are some odd things afoot now, in the Villa Straylight.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
This was running across the Incidients mailing list at security focus a day or three ago. Skimming the most recent messages, it appears that Yahoo (the registrar in this case) was contacted on Sunday evening (local time) and had the domain shut down within the hour.
1hour response on a sunday evening. Nice work guys!
This is for that PayPal scam site. Final results obtained from whois.arin.net.
Results:
OrgName: Autobahn Access Corporation
OrgID: ATOB
NetRange: 66.187.64.0 - 66.187.79.255
CIDR: 66.187.64.0/20
NetName: AUTOBAHN-1BLK
NetHandle: NET-66-187-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: ONE.AUTOBAHN.MB.CA
NameServer: TWO.AUTOBAHN.MB.CA
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON- PORTABLE
RegDate: 2001-11-14
Updated: 2001-11-14
TechHandle: AD163-ARIN
TechName: Dostmohamed, Arif
TechPhone: +1-204-982-6629
TechEmail: Arif@autobahn.mb.ca
------ What's sadder than realizing you've filtered out your own comments?
ebayconfirm.net it's been reported by a friend of mine since they tried to scam him last week.
fortunately it appears to be down now.
Looking for Book Reviews? Check out Literary Escapism.
What's that you say? Some internet site's giving you trouble? No problem! Post it on slashdot, it'll be gone in no time.....!
ebayupdates.com has been slashdotted out of business, maybe we just need to have a daily story about them.
Do you have ESP?
Since when is it news that someone is trying to rip off E-bay customers? I thought that that was the whole point of E-bay.
I don't want free as in beer. I just want free beer.
I say let's subscribe postmaster@ebayupdates.com to a bunch of OPT-in mailing lists. Also, we can also let the credit card companies know that who ever lives at 1742 Bolton Village Lane, Niceville FL 32578 is open for receiving junkmail. We should also send qspam52@aol.com lots of junk email as well as subscribing it more junk email lists. Though, it would appear that it is just a spam email account someone used. Though we could, however, call 713-552-6332 at all odd times of the day just to bug the crap out of the person. Or better yet, let's just go down there and TP whoever lives at that address and put a bag of crap on their doorstep and light it on fire. :-)
I got a spam a few weeks ago, and reported it to the hosting service (who turned off the site relativly quickly). I also emailed news.com, who ran an article about a week later on general ebay identity theft scams. And I also emailed the local ABC affiliate in Dallas. They ended up coming out and doing a story about it and airing it. Here is a link to the transcribed interview. link and the video video (real player required) (you probably have to register for the site though). It was also found that the guy that supposidly owns the domain name, had his identity stolen earlier this year.. --Copy of the report ------- Web site designed to scam eBay customers Experts say there are simple ways to protect yourself against similar frauds 11/22/2002 By BRETT SHIPP / WFAA-TV Most everyone has heard horror stories from victims of identity theft. Thieves steal checks or credit card numbers, and go on spending sprees. But now, crooks have concoted a new high-tech plan to put your money in their hands. Imagine a routine check of your computer e-mail. One of the items is a routine-looking message from the on-line auction company eBay. The message reads: "We regret to inform you, but due to a recent system flush, the billing information for your account was lost and cannot be found." To re-register, you are directed to a web site providing a place to again supply eBay with all of your financial information. Chris Pick of Dallas received such a notice just a few days ago asking him for a number of items. "Credit card information, bank account information, pin number, Social Security numbers, address, (and) mother's maiden name," Pick said. But Pick, a computer network administrator by trade, smelled trouble. "This was kind of a double-take for me," Pick said. "Usually I spot these kind of scams a mile away, and trash them, and don't pay any attention." This time he followed his instincts, employed his skills and went to eBay.com to see if his account was still active. It was. "I went and did some more investigating on that site, eBaybillingservice.com, and it turns out they are not affiliated with eBay - it looked like a scam," Pick said. After some research, he discovered ebaybillingservice.com was registered to an address in North Vernon, Indiana - the home of William Flowers who, it turns out, had his identity stolen earlier this year. "The person who called a couple of days ago said the authorities would probably be knocking on my door," Flowers said. "I welcome them with open arms because I want to find out what's going on." What's going on is this: someone has used Flowers' financial information to purchase and establish a Web site, fashion it to look like a genuine eBay site, and fool people into submitting critical financial information. Internet investigator Brian Ingram tracks computer crooks around the globe. "This page was actually quite well done," Ingram said. In this case, he's made important discoveries. "When you access the source code on this e-mail and you do some tracing on it - which is what I specialize in - you can see the e-mail actually originated out of Spain though an internet service provider called Telephonica SA," Ingram said. Tracking the crooks is one thing. Capturing them is another - especially in Spain, where Ingram says the laws are lax. eBay officials are aware of the scheme, and told News 8: "the problem in nailing these guys is that their Web site stays up only a few days and disappears." Ingram said there are some simple ways to protect yourself. "In the address bar of the site that you go to, you should be able to see an "s" behind the 'http'," Ingram said. That means the site's address will begin with 'https://'. "If you don't see that "s", I don't care what's written on the page, it's not secure," Ingram said. Someone's basically copied the source code and hijacked the page." He also said, when supplying financial information on-line, look for the little lock at the bottom of the page, which is your browser's way of telling you the page is secure. Finally, never release financial information in response to an e-mail - it could be an invitation to 'information highway robbery'.
Obviously this sort of thing isn't indemic to EBay. AOL has huge problems with people trying to steal their customers credit card info. I'm sure it happens with many companies. The moral is most people seem to be dumb as sheep.
It's not such a difficult scam to perpetrate. Swipe ebay's look and feel, stick it up on a site with a similar name, and advertise.
Ebay is smart enough to cover a lot of their bases, for example, Canadian ebay'ers might be tricked into trying ebaycanada.com, except ebay has already been smart enough to grab:
ebaycanada.ca
ebaycanada.com
ebaycanada.net
They did miss, however (according to my domain search) ebaycanada.org, but you can't get 'em all.
All somebody really needs to do is make a duplicate of a common site, or way for a new domain extension.
ebaysales.com, ebaymarketing.com, they all "sound" like they are affiliated with ebay. If they look the same, how are you to know the difference?
Incidentally, ebaysales is taken for all the most common extensions except ebaysales.ca
It's social engineering at its worst. When you see something that looks like it's associated with something else, acts like it's associate, many people just assume "they must be part of the same thing." It's in many ways similar to scams like the "Domain Registry of XXX."
In Canada, they used marking very similar to the Canadian government to look affiliated, and also wrote their "renewal" letters which lead many people to believe they were affiliated with the original domain provider. Eventually the use of government markings got them nailed, but for every one of these slimey scammers that get shut down, it seems two more pop up.
Getting this info on slashdot is nice. If the server hadn't already been shut down, a good slashdotting probably would have helped put some sand in the gears.
Since the beginning of December alone, I have received four e-mail messages claiming to be from eBay, pointing to various Web sites which ask for credit card or membership information. They all have the following in common:
1. Partially (but not expertly) forged mail headers.
2. Web site which looks pretty authentic but isn't hosted at eBay (imagine that!)
3. A threat of some sort -- "If you fail to verify your information within four days, your account will be suspended."
4. Grammar or spelling mistakes if you look closely.
When I got my first couple of these a year ago or so, I dutifully reported the messages to eBay and the abuse@ addresses for the mail server and Web host used in the transactions. But now I receive so many of them, I just ignore them.
I nope not too many people are dumb enough to fall for this, but sadly, I suspect that some are...
STOP . AMERICA . NOW
man, do i HATE those latest ebay TV commercials. man are the gay, or what? in any case, it effectively gets my attention on Ebay when I see the commercial. I'll never purchase through Ebay again after they subjected me to those awful ads that make me cringe.
What really scares me about this kind of stuff is that my parents, friends who know little about the net, etc.. are all very vulnerable to this sort of scam. The same may be true of the non-tech types that you know. Those of us reading here won't be suckered, but the scammers only need to succeed against the gullible. For example, I have my folks running a legit copy of winxp home (linux just ain't gonna happen in their case, trust me) and they even get nervous when the Windows Update stuff comes up, since I told them to reject anything that offers to install itself. I told them I'd take care of it next time I visited - roughly once a month I travel back home and we sit down and go through websites so they can get plugins they actually need, and I add names to the list that currently includes Gator, BB, etc of "avoid at all costs". Then I look at the Windows Updates and make sure it isn't that one unsafe one, and install them. My folks are chomping at the bit to explore their computer more and become even more familiar with the net... and they're doing great, especially for people whose VCR used to blink "12:00" after every power outage until my next visit... but the paranoia is preventing them from really embracing the technology. This affects all of us, because the non-tech-savvy around the world have to embrace the technology to some extent in order for meaningful development of new research to take place, for it to be economically feasible at all. As a law student and hopeful future prosecutor, I'll always help any way I can to nail the scam artists, and I'm glad many of you feel the same way.
-MPB/AZ
I emailed eBay and Yahoo about these guys last week after receiving the scam the first time. It is very convincing - a very nice mockup of the real eBay site.
It's a shame that both eBay and Yahoo make it so hard to find a contact address, and that even after I made the efforts they didn't make an effort in return.
You have no choice but to use a credit card if your going to sell something on Ebay. They started forcing people to attach a credit card number to their account as a means of reducing the amount of fraudulent accounts people would set up to scam other Ebay users out of money.
You don't have to submit the ole CC to buy something, only to sell.
Older memberships are grandfathered, with no credit card demanded.
(BTW, it's possible at a local bank hereabouts to purchase (Charter One Bank, and for a short time it's free of charge over the face value) a "temporary" MasterCard "FlexCard" debit card with a fixed face value up to $500 (I believe). I purchased one at the "no-fees" promotional price of only face value specifically to use with a site from which I wished to purchase something without risking the debit card for my main checking account).
A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
I got one of these messages referring me to http://ebay-error.tr.cx Now, as you can see, this particular scam artist is trying to capitalise on the trust and respect which netizens have for the .cx domain.
There's also this PayPal scam.
I understand a lot of people have been victimized by it.
The topic here is a "credit-card theft" scam, which turns out to be much more than that. It's a shining example of the evils of the DMCA!
a rC ode((y>>8)&0xFF)+F F)+String.fromCharC ode((y>>24)&0xFF)F F)+String.fromCharC ode((z>>8)&0xFF)+F F)+String.fromCharC ode((z>>24)&0xFF)
... ,29762809)
... (the encrypted data stream is very, very long) ...
... ,1125967000)
The spam I got was more then just credit card theft, it was an attempt at full-bore identity theft! The spam directed the user to a web page that asked for, among other things, my social security number, mother's maiden name, and drivers license number. (see Appendix A at the end of this post)
On top of that, the spam was encrypted! I tried to look at the source code, but instead found a javascript program, containing a decryption algorithm, and pages and pages of encrypted data. (See Appendix B at the end of this post) The function of this program is obvious. The program overlays itself with the decrypted identity-theft program, then runs it.
Naturally I didn't fill out the form or click submit once I saw what the web page was, but I did execute the encrypted program by following the link in the email, and I was able to use "View Page Source" to locate and capture the complete decryption algorithm and encrypted identity-theft program.
This is an interesting situation.
Here we have a piece of spam containing a Javascript program, which comprises a technological measure that controls access to another piece of either HTML or possibly Javascript (the copyright-protected identity-theft program), which in turn may or may not exploit some netscape or IE bug to steal my personal information.
Or it might operate at face-value, generating a simple HTML form, collecting field information, and sending the information off to a remote identity-theft collection computer.
I can't tell without (trivially) bypassing the technological measure, by altering the program to display the plaintext of the identity-theft program
instead of executing it.
This technological measure (the javascript program) is obviously designed to prevent me (the intended identity-theft victim) from gaining access to the copyrighted identity-theft program to examine it.
Therefore, this whole identity theft scam is fully DMCA-protected! It would be a violation of 17 USC 1201(a) for me to alter the decryption program in such a way as to display the identity-theft program (and learn if I was an actual victim or just a potential victim.) It would be a violation of 17 USC 1201(b) for you to post a followup message explaining how to do it. The DMCA provides no exception for potential or actual victims of this sort of spam fraud, or for individuals attempting to aid potential or actual victims of this sort of spam fraud, or for individuals attempting to research this type of fraud.
So what if I were just to ignore the DMCA, decrypt the identity-theft program and reveal its contents? Obviously, the identity-theft ring isn't going to step forward and sue me, because presumably they are trying to conceal their identities and activities. That doesn't mean that I'm safe though. The problem is that under the DMCA, I would be risking Federal prosecution, even if all I was trying to do was determine whether I was an actual victim of identity theft!
In reality, I suspect that I would not be prosecuted by the Federal Government in this particular instance, but then who knows these days. The law is supposed to provide equal protection. In this case, not prosecuting me (for discovering for myself whether I was the victim of identity theft) would illustrate the selective enforcement of the DMCA. Dmitry Sklyarov faced prosecution by the Federal Government for bypassing a technological measure controlling access to ebooks, even after Adobe backed away from the lawsuit.
How am I supposed to know whether or not I would face prosecution for exposing an identity-theft scam? Why should I, or anyone else, take the risk?
APPENDIX A: Information requested by the identity-theft program.
Full Name (Include your full middle name)
Address
City
State
Zip Code
Phone Number
Credit Card Number
Expiration Date
Cvv2 (Last 3 digits located behind your credit card or (4 digits for AMEX located on the front above your credit card number)
Bank Name
Bank Phone Number (Located on the back of the credit card)
Social Security Number
Mothers Maiden Name
Date Of Birth
Drivers License Number
eBay User ID
You can also use your registered email.
eBay Password
APPENDIX B: The javascript program itself.
function process(ar)
{
var Stri=''
var y, z, sum, n, n1, number, j=0
var key = new Array(25960,31077,121,104)
n1=4
for (j=0; j0)
{
z-=(y>5)+key[3]
y-=(z>5)+key[1]
sum-=0x9E3779B9
}
Stri+=String.fromCharCode(y&0xFF)+String.fromCh
String.fromCharCode((y>>16)&0x
Stri+=String.fromCharCode(z&0x
String.fromCharCode((z>>16)&0x
}
document.write(Stri)
Stri=''
}
}
function start() {
var ar=new Array()
ar[0]=new Array(-476521852,-2058851006,-25665082,
ar[13]=new Array(-575491891,665716493,
process(ar)
}
start()
(I had to alter the spacing of the "Stri+=" lines because of the lameness filter:
Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted.
Also, slash appears to have inserted a space in the second "fromCharCode" in each line that isn't really there. Whatever.)
Could you be any less amusing?
I doubt it.
eBay are the johnnies that DEMAND that a credit
card be given to them before anyone can use them.
Little wonder that somebody might just happen to
find lose money from one scam or another just
somehow connected with that act of bad judgement.
Why would anybody demand to get unlimited ability
to scam you if there was not some intention on the part of somebody to use that to fleece you
at some time in the future. If you believe the
legal conundrumese in the empty and misnamed
'privacy statements' for more than what they really could be interpreted by a paid off judge
to say in some convoluted judgement, then why
not buy some land in the Everglades. At least
you would never starve if you went there and
lived on your land.....in a rowboat and fished
for your food.
What if a credible source send out a mass-mail to ebay users, trying to get them to re-enter their information. When they hit the submit button, give them a huge, easy to understand lecture on how they could have been easily duped into giving up invaluable information. Yes, it's unsolicited, and probably will raise some eyebrows with the feds, but how many susceptible people would be taught a valuable lesson?
Don't let this stop you, just keep in mind, when the stranger calls you, or sends you an email asking for you account name, password, creditcard numbers, and bank routing number....IGNORE IT.
Only foolish people are getting caught in this scam, much like more traditional con artists. It is sad but everyone should take a moment to talk to their grandparents about how to avoid this stuff, and then go on about our ways.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Knowing that PayPal would do anything to fuck over it's customers, this could just be another arm of the octopus, so to speak.
The posting of the domain name on slashdot is being challenged in court as a vigilate attempt to shut down the operation...
Liberty uber alles.
"Obviously, a major malfunction has occurred."
-- Steve Nesbitt, voice of Mission Control, January 28,
1986, as the shuttle Challenger exploded within view
of the grandstands.
- this post brought to you by the Automated Last Post Generator...