  1. #1
    Join Date
    Jul 2002
    Posts
    3,374

    eBay phishing got really advanced!

    I sell my college textbook on eBay and I just got an email from eBay saying I am now able to join their PowerSeller program, and I fell for it. I clicked the link and the logon page looked just like the eBay logon.

    I typed in my account/password, and when it asked for my personal info, I stopped and looked at the URL. I guess my little brain was telling me something was not right... I got out and went into the real eBay/PayPal right away to change my password.

    You know, you think you've seen it all, but then bam! Scammers come up with a real scam. I hope my eBay/PayPal account is not screwed up.

  2. #2
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    Yep, they're getting trickier to spot. I almost fell into a similar trap a few months back. If these scammers are almost fooling seasoned internet folks, what chance does the general public have?

  3. #3
    Join Date
    May 2004
    Location
    Baltimore, MD
    Posts
    1,211
    Someone needs to write a darn Firefox plugin that comes up after scanning the page and goes "OH MY GOD IT'S A FAKE! CLOSE CLOSE CLOSE!" -- I bet you it would be the #1 plugin after a week.

  4. #4
    Join Date
    Dec 2000
    Location
    East Coast
    Posts
    1,749
    I don't ever click on links in emails anymore from any site that involves my finances (bank, credit cards, paypal). Although I usually check on my accounts every few days, I usually just go to the sites directly instead of clicking on them (not hard).

    There are some even more advanced ones out there (trojans), like the ones that run their own DNS server, replace it in your network configs and forward domains like paypal.com to their own fake site.

    Crazy cyberworld.

  5. #5
    Join Date
    Sep 2002
    Posts
    1,585
    Someone owned a good domain which almost fooled me once, and they created a subdomain; its URL was like:

    http://secure.paypal.21534.com/

    They even had a cheap SSL.

  6. #6
    It's amazing what people will do to get a dollar...

    Every time I get one of those stupid emails, I report it to eBay and PayPal and they always send this generic BS email back saying...

    "(company) will never send you an email requesting your private information..."

    It's almost like they don't care. Does anyone know if they actually follow up on these fraud attempts?

    LH
    If the web closed at midnight, what would YOU do?

  7. #7
    Join Date
    Mar 2001
    Location
    Houston, TX
    Posts
    973
    Sad situation for the world to be in - I'm not worried about myself; I'm worried about my mother who sits at work all day as a CAD designer (not knowing much other than AutoCAD) who gets this in her e-mail and decides to hand over all her information on a platter.

    The Firefox plugin would be quite nice; I think Thunderbird is going to have one in the next release, no?

    Roj
    Web Hosting? Been there. Done that.
    I am niyogi.

  8. #8
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    Originally posted by whatever
    Someone owned a good domain which almost fooled me once, and they created a subdomain; its URL was like:

    http://secure.paypal.21534.com/

    They even had a cheap SSL.
    Yeah, I remember the link in my email was something like that, and it nearly got past me, but then I looked more closely and it was a subdomain.

    These scumbags are getting trickier and sneakier, no doubt about it.

  9. #9
    Join Date
    May 2003
    Location
    My Old Kentucky Home....
    Posts
    1,845
    Originally posted by LadyHost

    It's almost like they don't care. Does anyone know if they actually follow up on these fraud attempts?

    LH
    They do follow up on them and usually you'll get a second response from them stating something like "The email you reported was not sent by eBay (or PayPal). We have reported this email to the appropriate authorities."

    Realistically though, they probably get hundreds, if not thousands, of these emails a week. It would be impractical for them to try and compose a more personalized, non-formatted email for each report, wouldn't you think?

    Hate to say it, but we typically send out between 10 and fifteen emails a day to new customers and after a while they all started sounding the same.... There are only so many ways to skin a cat, I guess. As much as we disliked doing so, we ended up writing out a handful of formatted responses to fit the various responses needed and left blanks to fill in particulars. That's just for 10-15 a day. If we had eBay's volume we would likely be doing the copy-paste-send thing too.
    It's time to kick back, pop in a From Autumn to Ashes CD, and relax.....

  10. #10
    Join Date
    Apr 2001
    Location
    Pittsburgh, PA
    Posts
    1,306
    Originally posted by LadyHost
    It's almost like they don't care. Does anyone know if they actually follow up on these fraud attempts?
    Yes, they care, and they do follow up. You may not receive a personalized response, but they have an entire system set up to track phishing and fight it. In the rare case where we've had a phishing page, we've been notified by these folks (see URL below) sometimes within an hour of the page going up. They are obviously operating many "spamtrap" type addresses so they can recognize phishing attempts as soon as they start.

    http://www.phishreport.net/

    Kevin

  11. #11
    Netcraft is doing a toolbar that you can install on both IE and Firefox...
    System requirements: Internet Explorer on Windows 2000/XP or Firefox 1.0 or later...

    http://toolbar.netcraft.com/help/tut...nstalling.html

    * Protect your savings from Phishing attacks.
    * See the hosting location and Risk Rating of every site you visit.
    * Help defend the Internet community from fraudsters.

  12. #12
    Originally posted by sigma
    http://www.phishreport.net/

    Kevin
    Thanks for the info, Kevin. If it's not a million dollars I am going to look into doing it.

    LH
    If the web closed at midnight, what would YOU do?

  13. #13
    I fell for one of these once, but not in the same way you'd expect;

    I got one of the scam PayPal emails, and generally I like to look at them just to catch the spelling errors and other obvious errors that give it away. Well, I brought one up, and suddenly got a phone call.

    I walked away from my computer for a few minutes, and walked back. Since the paypal page was up, I instinctively typed in my username and password and hit Enter.

    It was about a nanosecond after I pressed the Enter key that I realized what I did.

  14. #14
    Join Date
    Feb 2004
    Location
    Southern California
    Posts
    751
    Thunderbird has a fun little plugin that will go 'SPF Cannot Be Verified, Adress Forged!'; and all the major sites have SPF anyways. Good plugin, cannot remember the name of it, but it's on the Thunderbird plugins page...

  15. #15
    Join Date
    Aug 2002
    Location
    East Coast
    Posts
    277
    Wow I never ever click any links from paypal, ebay, or BMO (my bank) directly. I always visit the site. Takes 3 seconds longer but well worth it.
    - 7de5igns

  16. #16
    the best one was www-ebay.com
    http://www-ebay.com/blah/blsah.php?bla

  17. #17
    Join Date
    Apr 2005
    Location
    San Francisco, CA
    Posts
    1,031
    For WEBHOSTS:

    We have a few "fake" eBay/PayPal sites installed on our GOOD customers' websites through security holes in phpBB (2.0.15) and Gallery scripts without even knowing - force all of your customers to switch to vBulletin - phpBB is really annoying with all of these holes discovered every few days.

  18. #18
    Join Date
    Apr 2001
    Location
    Pittsburgh, PA
    Posts
    1,306
    Well, the phpBB folks have been responsive. That's more than I can say for Ikonboard. That said, I imagine it would be difficult to get your customers to replace a free product with a not-free product.

    Kevin

  19. #19
    Join Date
    Jan 2005
    Location
    Minneapolis, MN
    Posts
    966
    You could ask them to switch to SMF. It's free and they offer a conversion script.
    Doyle Lewis

  20. #20
    Join Date
    Apr 2005
    Location
    San Francisco, CA
    Posts
    1,031
    Yea, I agree.

    The only solution at this time: "locate viewtopic.php" and erase any installations of phpBB lower than the latest build - customers get mad, but they have to read newsletters or upgrade to dedicated servers and do whatever they want.

    We are trying hard to fix phpBB holes with Mod_Security but it doesn't always work - last week we discovered a bunch of new exploits - finally decided NOT to allow phpBB here anymore.

    Even if customers get mad in the beginning - since last week we got 9 new installations of vBulletin (as a replacement for phpBB).

  21. #21
    Join Date
    Mar 2001
    Location
    Houston, TX
    Posts
    973
    Ah SMF - love it. phpBB - bleh. :-/

    Roj
    Web Hosting? Been there. Done that.
    I am niyogi.

  22. #22
    Join Date
    Jul 2004
    Posts
    72
    I had people email me www.paypol.com; I almost fell for it, as the email was really serious about their business and it said "click her". I went to the site... it looked like it, and then I saw the URL and I was like, what the... heh, I don't fall for that stuff anymore.

  23. #23
    Join Date
    Jan 2002
    Posts
    1,053
    Originally posted by alpha
    I don't ever click on links in emails anymore from any site that involves my finances (bank, credit cards, paypal). Although I usually check on my accounts every few days, I usually just go to the sites directly instead of clicking on them (not hard).
    ditto

  24. #24
    Join Date
    May 2004
    Posts
    133
    Yeah, it's easy to get tricked when you forget to check.. but generally, since I almost never actually receive emails from ebay or paypal (unless I purchased / bid on something), I get mighty suspicious when I do.

    I just check the link it's going to and if the actual target isn't the company, I send the email with all its headers to spoof@paypal.com or spoof@ebay.com


    ~Kristy
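
The check described in this thread (look at where a link actually goes and compare it with the company's real domain), as an added example that is not part of any post, run over the three look-alike URLs quoted above. The trusted-domain list, the category names and the two-label `registrable` shortcut are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: the real registrable domains of the brands being protected.
TRUSTED = {"ebay.com", "paypal.com"}

def registrable(host):
    """Naive registrable domain: the last two labels.
    Assumption for brevity; a production check should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'brand-in-untrusted-host', 'typosquat' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"  # the brand's own domain or a subdomain of it
    brands = {d.split(".")[0] for d in TRUSTED}
    # Brand name used as a subdomain label or hyphenated into someone else's domain.
    if set(re.split(r"[.\-]", host)) & brands:
        return "brand-in-untrusted-host"
    # Registered name within one edit of a brand name.
    if any(edit_distance(reg.split(".")[0], b) <= 1 for b in brands):
        return "typosquat"
    return "unrelated"

if __name__ == "__main__":
    # First three URLs are the ones quoted in the thread; the last is the real site.
    for u in ("http://secure.paypal.21534.com/",
              "http://www-ebay.com/blah/blsah.php?bla",
              "http://www.paypol.com",
              "https://www.paypal.com/"):
        print(f"{classify(u):26} {u}")
```

A padlock does not change the result: the certificate on `secure.paypal.21534.com` only proves control of `21534.com`.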

  25. #25
    Join Date
    Jul 2002
    Posts
    3,374
    I just read the article about email phishing in the current BusinessWeek. It talks about Microsoft Send ID and a better system for fighting phishing, IronPort's domains key. BusinessWeek said a lot of banks/ISPs are already using IronPort's system and eventually small businesses will have to use some kind of domains key system.

    Hmm... does anyone think this "domains key" system will work? How long before the system gets cracked or another way of phishing surfaces?
