Slashdot Mirror

← Back to Stories (view on slashdot.org)

eBay Customers Targetted by Credit Card Scam

Posted by ryuzaki0 on from the pulling-a-fast-one dept.

hether writes "Customers of the auction site eBay have been targeted by a site called ebayupdates.com. The site attempts to steal credit card details from eBay's 55 million customers. The SANS Institute Internet Storm Center issued the warning on this one. Info about the scam can be found on the BBC site, CNN, CNet, vnunet, and more. Funny enough there's no mention of this on the eBay site..."

10 of 237 comments (clear)

  1. What? by neksys · · Score: 3, Informative
    Representatives of eBay were not immediately available for comment, but the company has issued a general warning on its Web site, urging caution over e-mails seeking passwords or credit card numbers.

    Sounds like they've mentioned it on the website to me.....

    1. Re:What? by gvonk · · Score: 4, Informative

      It's tough to find, but here's the warning:

      Some members have reported attempts to gain access to their personal information through email solicitations that are falsely made to appear as having come from eBay. These solicitations will often contain links to Web pages that will request that you sign in and submit information. At eBay, we identify these as 'spoofed' emails or Web sites.

      We encourage you to be very cautious of emails that ask you to submit personal information such as your credit card number or your eBay password.

      To be sure that you are signing into a genuine eBay Web site, look at the Address/Location area of your browser. At an eBay.com sign-in or log-in page, the URL (link) that appears in the Address/Location area of your browser will begin with "http://cgi.ebay.com/" or "http://scgi.ebay.com". Please pay close attention to all characters in the address, including the forward slash (/) that follows "ebay.com". Even if the Address/Location includes the word "ebay", it may not be a genuine eBay Web site. If you receive or suspect you have received such an email, do not respond to it or click the links. Immediately send a copy of it to spam@ebay.com.

      If you have any doubt as to whether or not the website you are on is an official eBay web page, please visit our Account Security page for more complete information on the URLs used on eBay web pages.

      For more information on how to protect your eBay password and your account, click here.

      Regards,
      eBay

      --


      El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
    2. Re:What? by ackthpt · · Score: 2, Informative
      Representatives of eBay were not immediately available for comment, but the company has issued a general warning on its Web site, urging caution over e-mails seeking passwords or credit card numbers.

      Sounds like they've mentioned it on the website to me.....

      I received the spam on this one about a week ago. I haven't received *any* warning from eBay on being careful with ID or personal info, even as a general warning, particularly via email. I'm sure, as most things I've found, there is a warning buried deep within eBay and only those with the greatest of patience and available time (or just luck) actually can find it. The site is poorly designed for navigation.

      About a month ago I attempted to post a similar article as this to Slashdot concerning very much the same style of attack in an email from a www.paypal-ebay.com site, registered to some schmuck in Nebraska. I tried, carefully worded with good references, etc. to get submit it and it died both times. So, slashdot, which often runs duplicate stories, missed the boat on that one.

      You can see some of it here:

      The email

      The webpage

      It's amazing what a pain it was trying to raise anyone at eBay or PayPal with their forms, etc. Customer service at both are terrible, just terrible. I only got through to PayPal with the help of some information provided by a powerseller friend. PayPal said, "yeah we know about it and are trying to shut the site down", this 6 hours after I got the spam and the site was still up at that point. Forwarding passwords to the email address of paypal@c2.hu

      So be careful, eh? Not many people are as helpful as the users.

      --

      A feeling of having made the same mistake before: Deja Foobar
  2. strange.. seems to be down.. =) by Anonymous Coward · · Score: 5, Informative

    WHOIS Record:

    Domain Name.......... ebayupdates.com
    Creation Date........ 2002-12-06
    Registration Date.... 2002-12-06
    Expiry Date.......... 2003-12-06
    Organisation Name.... Tred
    Organisation Address. 1742 BOLTON VILLAGE LANE
    Organisation Address.
    Organisation Address. NICEVILLE
    Organisation Address. 32578
    Organisation Address. FL
    Organisation Address. UNITED STATES

    Admin Name........... Eulalia Bergenthal
    Admin Address........ 1742 BOLTON VILLAGE LANE
    Admin Address........
    Admin Address........ NICEVILLE
    Admin Address........ 32578
    Admin Address........ FL
    Admin Address........ UNITED STATES
    Admin Email.......... qspam52@aol.com
    Admin Phone.......... 713-552-6332
    Admin Fax............

    Tech Name............ YahooDomains Techcontact
    Tech Address......... 701 First Ave.
    Tech Address.........
    Tech Address......... Sunnyvale
    Tech Address......... 94089
    Tech Address......... CA
    Tech Address......... UNITED STATES
    Tech Email........... domain.tech@YAHOO-INC.COM
    Tech Phone........... +1.6198813096
    Tech Fax.............
    Name Server.......... yns1.yahoo.com
    Name Server.......... yns2.yahoo.com

    1. Re:strange.. seems to be down.. =) by b0r1s · · Score: 3, Informative

      To be fair, Yahoo did a good job of taking these jackasses offline quickly.

      This really isn't that new: it's been discussed on incidents@securiyfocus.com for the past few days. From that list:


      The form posts to

      http://www.cutandpastescripts.com/cgi-bin/formpr oc essing/forms.pl

      It has the following hidden fields, with the following values

      activenumber 428283597791
      username xacxac
      MfcISAPICommand SingInWelcome
      siteid 0
      co_partnerId 2
      UsingSSL 0
      ru
      pp
      pa1
      pa2
      pa3
      i1 -1
      pageType -1

      and the following field names, that are entered by the user on the form

      name
      address
      City
      State
      Zip
      Phone
      cc
      expi re
      Cvv2
      Bank Name
      Bank #
      checking_account_number
      Routing_number
      ssn
      m mn
      dob
      dl#
      userid
      pass (password)
      submit (value=Sign In)
      keepMeSignInOption (checkbox, checked value=1)

      --
      Mooniacs for iOS and Android
  3. Re:Yet another example of bad security by tigress · · Score: 4, Informative

    Does nobody read the articles anymore? =)

    This is not about eBay's security. It's about a spam scammer that tricks users into going to a third party website and reenter their credit card details.

    Though, I'm sure the scammer encrypts all credit card details, in order to protect the customers. =)

  4. Old News by Shadowcaster · · Score: 2, Informative
    Funny enough there's no mention of this on the eBay site...

    There prolly was a week ago when the news broke about it though.. check web-caches and the like. That or edit the story to begin with "You probably already know about this, but..."

  5. This is not a unique happening.... by solostring · · Score: 4, Informative

    If you check out the safeharbour forums on Ebay, this is not a rare occurance. There are many scam sites and spam emails which try to socially engineer credit card info and passwords from Ebay users.

    I really don't know why this particular instance was picked up by the big news corporations....

    --


    -- 7 string electric violin + live loop samplers
  6. Similar PayPal scam by pixelbeat · · Score: 3, Informative

    I just got an identical scam pertaining to PayPal. I was directed to enter info into PayPal scam site

  7. this really is an old story by night_flyer · · Score: 3, Informative

    in fact this is the second such site in two weeks, MSNBC and the BBC both carried these earlier (MSNBC last weekand the BBC early this week)

    If Slashdot is just now getting to this, why bother? I would hope that the users are informed enough already to catch this kind of thing for one as well as reading the mainstream news.

    --


    Thanks to file sharing, I purchase more CDs
    Thanks to the RIAA, I buy them used...