Jump to content
Maestronet Forums

Phishers on ebay?


bean_fidhleir

Recommended Posts

Someone managed to get my credit card information and has been charging to my account in a number of guises (or perhaps it's being passed from hand to hand among the thieves). So far it's only been a few hundred dollars, and it was caught in time so I won't lose much.

I think, tho I'm still not certain, that the phisher was on ebay. I was trying to buy a dvd and recall going to email the vendor with a question when a screen popped up saying something about there being a new rule that before a vendor could be mailed, the mailer had to have credit information on file. I wasn't completely paying attention, it looked like an ebay screen and, since I thought ebay's software was too robust to allow a 'cowbird page', I entered my card's info and only came to my senses after it was far too late. As far as I've been able to find out since, there is no such rule and never has been.

So just a word of caution: be aware that the page you think is ebay's might not be.

Link to comment
Share on other sites

Yeah, I've recived that something quite similar to that, though my instance was with paypal. It said I needed to update my information and they needed my credit card to verify it (something stupid like that). I relized this could not be, beacuse I never registerd Paypal with that particular email address. So watch for that one too. Also, it doesent matter whether it has the little security thing, it can still be false.

Link to comment
Share on other sites

There is a quick way to check on e-bay and PayPal Phishing stuff. Separately, log onto your account. If it is legit, they will send both to your e-mail and to your account page messages.

I've been getting lots of Phishing e-mails from all sorts lately, I always report both to the proported sender and to "spam@uce.gov" and/or "uce@ftc.gov" by forwarding the phishing e-mail on. (that is what they prefer for tracking). Those are with the U.S. government, I don't know about for other countries.

Link to comment
Share on other sites

Funnily enough, I haven't received a phish email for ohhhhhhh, days.

They're really not that hard to spot if you remain slightly aware. My favourites are always the ones "from" banks I don't even have an account with.

Best thing to remember is NO legitimate company will ask you for a password or credit card details in an email. The line "we need you to log on and provide your cc details to prove your account is active" or any such statement should be treated with the contempt it deserves.

The unfortunate thing is that so many are caught by such emails/popups/fake sites.

Neil

Link to comment
Share on other sites

quote:


Originally posted by:
escargofast

If you caught this in time won't your credit card company take off

those charges?   Sometimes it would be worth to have one

card just for online transactions, that would have that feature.

  Is there such an animal?   Geez... what

is going on ebay these days!

Yes, thanks EF, they did take off the charges. But there might have been some in a prior month, too. I haven't looked because I feel so embarrassed and angry already that I'm afraid my head will explode if I find out it's been going on for more than a month.

Link to comment
Share on other sites

quote:


Originally posted by:
violinguy1234

Yeah, I've recived that something quite similar to that, though my instance was with paypal. It said I needed to update my information and they needed my credit card to verify it (something stupid like that). I relized this could not be, beacuse I never registerd Paypal with that particular email address. So watch for that one too. Also, it doesent matter whether it has the little security thing, it can still be false.

I don't know whether I made it clear, but the one that got me wasn't an email phish -- I have no problem with them because email is so completely untrustworthy. The one that got me was a web page, inserted into the legitimate sequence of ebay web pages so that it went real real real real fake real real...

Link to comment
Share on other sites

A good way to do a quick check on the validity of a web link (URL) is to rest the mouse pointer over the text of the link. In the browser status line, at the bottom of the window, you will see the actual text of the URL- - the actual address of the server that the browser uses to determine where the information is going to go.

If it is legitimate (or a really good spoof) it will read like:

">http://my.ebay.com/ws/eBayISAP...=MyeBayAllSelling

If it's bogus, it will most often be something more like:

">http://241.65.120.211/ws/eBayI...=MyeBayAllSelling

The difference is the numeric IP address, "241.65.120.211", as opposed to a domain name such as "my.ebay.com". What's happening is that the phisher has inserted his own server address instead of the ebay server as the destination for the data. Anyone can take a web page and mimic it perfectly, but the links will may point somewhere other than what the text indicates.

For example, see the link below. You'd think you'd be opening the U. S. White House web site. But that's only the text of the link. The actual link is different.

http://www.whitehouse.gov

So use the browser feature to see what's behind the text of the link. If it's not a domain name that you know, such as "www.ebay.com", avoid it. And be aware that domain names can be similar, but computers are exactly precise, so make sure it's not just slightly different. If the actual URL is www.ebay.com, the domain naming system on the internet will always take you to ebay (unless the bad guys have replaced you DNS server...which is unlikely, but possible)

The best policy is to just ignore any message like this. Ebay will be persistent, and keep asking you. The Phisher usually will not

Link to comment
Share on other sites

Besides looking at the address in the status bar when doing the mouseover, Microsoft has an anti-phishing filter they are developing for the next release of Internet Explorer. It can also be installed on IE 6 if you install the MSN search toolbar.

http://www.microsoft.com/athom.../phishing_filter.mspx

Or, you can install the IE7 beta. I've "seen the demo," as well as used it on some test systems, and it looks good, though I'm sure there will be some kinks to work out. If you're feeling adventurous, you might want to give it a look

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...