Slashdot Mirror
eBay Customers Targetted by Credit Card Scam
hether writes "Customers of the auction site eBay have been targeted by a site called ebayupdates.com. The site attempts to steal credit card details from eBay's 55 million customers. The SANS Institute Internet Storm Center issued the warning on this one. Info about the scam can be found on the BBC site, CNN, CNet, vnunet, and more.
Funny enough there's no mention of this on the eBay site..."
Perhaps if you'd read the article instead of trying to get an early post, you'd know that the numbers aren't stolen - the site, ebayupdates.com, fools people into thinking that they are affiliated with the real ebay.com, and asks them to re-enter their financial information. It has nothing to do with credit card databases or encryption - just new take on a tried and true con that has been around for probably centuries.
A commendable action! I'm sure you saved a few people some headaches. However, next time anyone is in a situation like this, I might suggest that the second place you contact (after the service provider) are whatever law enforcement agency has jurisdiction over fraud cases such as these. Shutting them down is one thing, but getting them put behind bars guarantees that they'll have to wait a while before starting up a new scam.
I've reported scammers before, to the service providers. I'd love to report them to the legal authorities, except I'm in Sweden and I doubt me contacting Russian or Chinese legal authorities will do much about the fake French address that the UK scammer used in order to defraud German customers of a US company.
These are one of the oldest social engineering scams in existence...
They've been used on AOL subscribers (we are updated our database! Email your login/password to this address to ensure uninterrupted service), and even (legitimately) by sysadmins to check on the cluefulness of their own users... see how many ppl will Email you their login/passwords.
That mantle of authority/legitimacy is a powerful psychological tool... provides a lot of social control in some arenas. But I'm not saying it's always good... when people are trained/socialized to listen and not ask questions at all... well... you get victimized by stuff like this. Not to sound like a bumper sticker, but "question authority" is pretty good advice sometimes.
A little bit of cynicism and skepticism go a long way, particularly on the 'Net.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
I don't think I've ever seen a discussion here on /. that has spawned so many AC posts. I was going to try and moderate here, but DAMN!
Now to get myself back on topic. If you use a credit card on ebay, you're insane. Every time I deal on ebay, I only use postal money orders. Period. It's no big thing to go to your local post office to get/cash one. Unless some idiot is counterfitting things, it's the most secure way I can find to do business on an auction site. And it's not like it's a big pain in the ass, either. Every town has a post office. If it doesn't, the next town over probably does.
It basically boils down to the fact that these are issued by the government. You'ld have to be insane to want to commit fraud when dealing with PMOs. You either have balls the size of Alaska or a brain the size of the period at the end of this sentance. Using a credit card on ebay is like saying "Hey. Take my valuable information, please!"
Sites like ebay should also provide an easy-to-access list of 100% trusted partner sites. Just because an URL contains the name "ebay" in it doesn't mean it's alright. Let's face it: apart from we ubergeeks and a small percentage of the non-geek population, most people are just dumb as rocks when it comes to dealing with anything on the net, let alone any form of e-commerce. It should fall upon sites like ebay to educate their users, even just a little bit.
Blog Prophyts - Right On, Man
This just goes to show that the #1 security threat is always stupid end-users, not buggy software. People whose password is "QWERTY" or "secret" ought to be shot.
Repeal the DMCA!
What really scares me about this kind of stuff is that my parents, friends who know little about the net, etc.. are all very vulnerable to this sort of scam. The same may be true of the non-tech types that you know. Those of us reading here won't be suckered, but the scammers only need to succeed against the gullible. For example, I have my folks running a legit copy of winxp home (linux just ain't gonna happen in their case, trust me) and they even get nervous when the Windows Update stuff comes up, since I told them to reject anything that offers to install itself. I told them I'd take care of it next time I visited - roughly once a month I travel back home and we sit down and go through websites so they can get plugins they actually need, and I add names to the list that currently includes Gator, BB, etc of "avoid at all costs". Then I look at the Windows Updates and make sure it isn't that one unsafe one, and install them. My folks are chomping at the bit to explore their computer more and become even more familiar with the net... and they're doing great, especially for people whose VCR used to blink "12:00" after every power outage until my next visit... but the paranoia is preventing them from really embracing the technology. This affects all of us, because the non-tech-savvy around the world have to embrace the technology to some extent in order for meaningful development of new research to take place, for it to be economically feasible at all. As a law student and hopeful future prosecutor, I'll always help any way I can to nail the scam artists, and I'm glad many of you feel the same way.
-MPB/AZ
I like that since it's /. you have to put down "It's all just a joke, folks, relax".
Otherwise you'd have at least 2 comments calling you a dumb-ass. 1 comment correcting you on "its" vs "it's". 3 comments, saying you were joking. The 2 that called you a dumb-ass would have to defend themselves. And there'd be 20 comments over the whole thing before it fizzled out.
riding round the world on an old motorcycle