Results 1 to 25 of 39
-
06-11-2005, 06:24 PM #1Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 3,374
ebay phising got really advanced!
i sell my college text book on ebay and i just got a email from ebay saying i am now able to join their powerseller program and i fell for it. i click the link and the logon page look just like ebay logon.
i type in my account/password and when it ask for my personal info. i stopped and look at the URL. i guess my little brain is telling me something is not right... i got out and went into real ebay/paypal right away to change my password.
you know, you tho you see it all but then bam! scammer come up with a real scam. i hope my ebay/paypal account is no screw up.
-
06-11-2005, 07:39 PM #2Web Hosting Master
- Join Date
- Feb 2002
- Location
- Australia
- Posts
- 24,027
Yep, they're getting trickier to spot. I almost fell into a similar trap a few mths back. If these scammers are almost fooling seasoned internet folks, what chance does the general public have?
• WLVPN.com • NetProtect owned White Label VPN provider •
• Increase your hosting profits by adding VPN to your product line up •
-
06-11-2005, 07:58 PM #3Automation Specialist
- Join Date
- May 2004
- Location
- Baltimore, MD
- Posts
- 1,211
Someone needs to write a darn FireFox plugin that comes up after scanning the page and goes "OH MY GOD IT'S A FAKE! CLOSE CLOSE CLOSE!" -- I bet you it would be #1 plugin after a week.
██ Automated Tendencies - Brand Management Agency from Baltimore, Maryland.
██ Reputation Management • Search Engine Optimization • Pay Per Click • Email Marketing
-
06-11-2005, 10:12 PM #4Retired Moderator
- Join Date
- Dec 2000
- Location
- East Coast
- Posts
- 1,749
I don't ever click on links in emails anymore from any site that involves my finances (bank, credit cards, paypal). Although I usually check on my accounts every few days, I usually just go to the sites directly instead of clicking on them (not hard).
There some even more advanced ones out there (trojans) like the ones that runs its own DNS server and replaces it in your network configs and forwards domains like paypal.com to its own fake site.
Crazy cyberworld.
-
06-11-2005, 11:21 PM #5Web Hosting Master
- Join Date
- Sep 2002
- Posts
- 1,585
someone owned a good domain which almost fooled me one, and they created a subdomain, its url was like:
http://secure.paypal.21534.com/
They even had a cheap SSL.
-
06-12-2005, 12:23 AM #6WHT Addict
- Join Date
- Mar 2005
- Posts
- 122
Its amazing what people will do to get a dollar...
Every time I get one of those stupid emails, I report it to eBay and PayPal and they always send this generic BS email back saying...
"(company) will never send you an email requesting your private information..."
Its almost like they don't care. Does anyone know if they actually follow up on these fraud attempts?
LHIf the web closed at midnight, what would YOU do?
-
06-12-2005, 01:24 AM #7Web Hosting Master
- Join Date
- Mar 2001
- Location
- Houston, TX
- Posts
- 973
Sad situation for the world to be in - I'm not worried about myself; I'm worried about my mother who sits at work all day as a CAD designer (not knowing much other than AutoCAD) who gets this in her e-mail and decides to hand over all her information on a platter.
The FireFox plugin would be quite nice; I think Thunderbird is going to have one in the next release, no?
RojWeb Hosting? Been there. Done that.
I am niyogi.
-
06-12-2005, 03:07 AM #8Web Hosting Master
- Join Date
- Feb 2002
- Location
- Australia
- Posts
- 24,027
Originally posted by whatever
someone owned a good domain which almost fooled me one, and they created a subdomain, its url was like:
http://secure.paypal.21534.com/
They even had a cheap SSL.
These scumbags are getting trickier and sneakier, no doubt about it.• WLVPN.com • NetProtect owned White Label VPN provider •
• Increase your hosting profits by adding VPN to your product line up •
-
06-12-2005, 03:37 AM #9Web Hosting Master
- Join Date
- May 2003
- Location
- My Old Kentucky Home....
- Posts
- 1,845
Originally posted by LadyHost
Its almost like they don't care. Does anyone know if they actually follow up on these fraud attempts?
LH
Realistically though, they probably get hundreds, if not thousands, of these emails a week. It would be impractical for them to try and compose a more personalized, non-formatted email for each report, wouldn't you think?
Hate to say it, but we typically send out between 10 and fifteen emails a day to new customers and after awhile they all started sounding the same....There are only so many ways to skin a cat I guess. As much as we disliked doing so, we ended up writing out a handfull of formatted responses to fit the various responses needed and left blanks to fill in particulars. That's just for 10-15 a day. If we had eBay's volume we would likely be doing the copy-paste-send thing too.It's time to kick back, pop in a From Autumn to Ashes CD, and relax.....
-
06-12-2005, 11:42 AM #10Web Hosting Master
- Join Date
- Apr 2001
- Location
- Pittsburgh, PA
- Posts
- 1,306
Originally posted by LadyHost
Its almost like they don't care. Does anyone know if they actually follow up on these fraud attempts?
http://www.phishreport.net/
Kevin
-
06-12-2005, 02:15 PM #11WHT Addict
- Join Date
- Apr 2005
- Posts
- 102
Netcraft is doing a toolbar that you can install on both IE and Firefox...
System requirements: Internet Explorer on Windows 2000/XP or Firefox 1.0 or later...
http://toolbar.netcraft.com/help/tut...nstalling.html
* Protect your savings from Phishing attacks.
* See the hosting location and Risk Rating of every site you visit.
* Help defend the Internet community from fraudsters.
-
06-12-2005, 02:18 PM #12WHT Addict
- Join Date
- Mar 2005
- Posts
- 122
LHIf the web closed at midnight, what would YOU do?
-
06-12-2005, 02:36 PM #13Newbie
- Join Date
- Jun 2005
- Posts
- 6
I fell for one of these once, but not in the same way you'd expect;
I got one of the scam PayPal emails, and generally I like to look at them just to catch the spelling errors and other obvious errors that give it away. Well, I brought one up, and suddenly got a phone call.
I walked away from my computer for a few minutes, and walked back. Since the paypal page was up, I instinctively typed in my username and password and hit Enter.
It was about a nanosecond after I pressed the Enter key that I realized what I did.
-
06-12-2005, 04:13 PM #14Web Hosting Master
- Join Date
- Feb 2004
- Location
- Southern California
- Posts
- 751
Thunderbird has a fun little plugin that will go 'SPF Cannot Be Verified, Adress Forged!'; and all the major sites have SPF anyways, good plugin, cannot remember the name of it, but its on the Thunderbird plugins page...
▓ SkyLineHost.com
▓ ▓ Shared hosting that soars above the competition
▓ ▓ ▓ Based in Los Angeles. sales@skylinehost.com
-
06-12-2005, 04:43 PM #15Web Hosting Guru
- Join Date
- Aug 2002
- Location
- East Coast
- Posts
- 277
Wow I never ever click any links from paypal, ebay, or BMO (my bank) directly. I always visit the site. Takes 3 seconds longer but well worth it.
- 7de5igns
-
06-12-2005, 05:24 PM #16Registered User
- Join Date
- Jan 2004
- Posts
- 411
the best one was www-ebay.com
http://www-ebay.com/blah/blsah.php?bla
-
06-13-2005, 04:48 PM #17Web Hosting Master
- Join Date
- Apr 2005
- Location
- San Francisco, CA
- Posts
- 1,031
For WEBHOSTS:
We have few "fake" Ebay/Paypal sites installed on our GOOD customers websites thru security holes in PhpBB (2.0.15) and Gallery scripts without even knowing - force all of your customers to switch into VBulletin - PhpBB is really annoying with all of this holes discovered every few days.
-
06-13-2005, 04:52 PM #18Web Hosting Master
- Join Date
- Apr 2001
- Location
- Pittsburgh, PA
- Posts
- 1,306
Well, the phpBB folks have been responsive. That's more than I can say for Ikonboard. That said, I imagine it would be difficult to get your customers to replace a free product with a not-free product.
Kevin
-
06-13-2005, 04:55 PM #19Web Hosting Master
- Join Date
- Jan 2005
- Location
- Minneapolis, MN
- Posts
- 966
You could ask them to switch to SMF. It's free and they offer a conversion script.
Doyle Lewis
BuyHTTP Internet Services - In business since 2003
Business Hosting | nginx, CloudLinux, Varnish cache, and CDP with every business account
Shared, Reseller, Semi Dedicated, VPS, Cloud, Dedicated - We can grow with you
-
06-13-2005, 04:56 PM #20Web Hosting Master
- Join Date
- Apr 2005
- Location
- San Francisco, CA
- Posts
- 1,031
Yea, I agree.
Only solution at this time "locate viewtopic.php" and erase any installations of PhpBB lower then latest build - customers get mad, but they have to read newsletters or upgrade to dedicated servers and do whatever they want.
We trying hard to fix phpbb holes with Mod_Security but it's not allways work - last week we discovered bunch on new exploits - finally decided to DONT allow PhpBB here anymore.
Even customers get mad in a begining - since last week we got 9 new installations of VBulletin (as replacement of PhpBB).
-
06-13-2005, 05:01 PM #21Web Hosting Master
- Join Date
- Mar 2001
- Location
- Houston, TX
- Posts
- 973
Ah SMF - love it. phpBB - bleh. :-/
RojWeb Hosting? Been there. Done that.
I am niyogi.
-
06-13-2005, 06:13 PM #22Temporarily Suspended
- Join Date
- Jul 2004
- Posts
- 72
i had people email me www.paypol.com almost fell for it as the email was really serious on their bussiness and it said "click her" i went to the site ..looked like it and they i saw the URL i was like what the ..heh , i dont fall for dat stuff no more.
-
06-13-2005, 07:34 PM #23Web Hosting Master
- Join Date
- Jan 2002
- Posts
- 1,053
Originally posted by alpha
I don't ever click on links in emails anymore from any site that involves my finances (bank, credit cards, paypal). Although I usually check on my accounts every few days, I usually just go to the sites directly instead of clicking on them (not hard).
-
06-13-2005, 08:57 PM #24WHT Addict
- Join Date
- May 2004
- Posts
- 133
Yeah, it's easy to get tricked when you forget to check.. but generally, since I almost never actually receive emails from ebay or paypal (unless I purchased / bid on something), I get mighty suspicious when I do.
I just check the link it's going to and if the actual target isn't the company, I send the email with all it's headers to spoof@paypal.com or spoof@ebay.com
~Kristy
-
06-14-2005, 12:24 AM #25Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 3,374
i just read the article about email phising on the current BusinessWeeks. it talk about Microsoft Send ID and a better system for fighting phising IronPort's domains key. BusinessWeek said a lot of bank/ISP already using IronPort's system and eventually small business will have to use some kind of domains key system.
humm...does anyone think this "domains key" system will work? how long before the system got cracked or another way for phising surface.