
I saw this coming!


Watchdog warns of fake eBay Web site

 

  • Fraudsters trying to steal credit card information from online auction house eBay’s 55 million users appear to have set up a fake Web site that mimicked the firm, a private internet watchdog said yesterday. The scam involved e-mails that asked recipients to log on to a Florida-based Web site, ebayupdates.com, and re-enter financial data for eBay, said Dean White, the Asia-Pacific co-ordinator of a U.S. group, SANS Institute Internet Storm Center. The scam site sported the eBay logo and colours but did not appear to have any connection with California-based eBay, White told Reuters. The scam e-mail, provided to Reuters by White, is headed “ebat (sic) billing error” and begins: “Dear Ebay Member, We at Ebay are sorry to inform you that we are having problems with the billing information of your account.”
     
    White said the mail, aimed at eBay’s registered customers but possibly mass-mailed to other Internet users, began appearing on Dec 6. The company hosting the fake Web site had been informed and yesterday the site was unavailable on the Internet.

 

I received a suspicious email from these guys a few weeks ago, requesting an update to my information. Instead of clicking the link they offered, I contacted ebay, and the rest is history. The title of this subject, I saw this coming, is another way of saying that ebay's business model has inherent weaknesses that make it easy for internet savvy thieves to break through their "systems of trust." For example, many of you may think that this is a problem related only to ebay sellers who provide their credit card information to list items on auction. However, with ebay's recent product diversification, including their new "verified" member service, and their acquisition of paypal, one must beg the question: is ebay preparing itself against a new breed of internet savvy fraudsters preying on their next faceless victim?

 

My understanding of the aforementioned story is that this band of fraudsters were printing cards with the acquired information, and starting to ring up purchases on their accounts. Had it not been perhaps for some people that found these emails somewhat suspect, they probably would have been successful in doing this for much longer. One case of fraud is enough for ebay to wake up and smell the coffee, because even if one were to look at ebay's current system of "verifying" new ebay sign-ups, whereby people wanting to get some added level of credibility other than a goose-egg behind their name offer up their credit card info to ebay, and ebay does a check on their credit, this system exposes that member to a great deal of outside criminal activity.

 

Currently, when an ebay member provides their credit card information to ebay, behind their motivation is detaching themselves from the stigma of a "new" ebayer, with the shades, and a goose-egg. I know a great many sellers that do not allow "new" members to bid on their auctions. To avoid this hassle altogether, "new" sign-ups have the option of providing ebay with their credit card info, and when everything checks out, ebay sticks a "verified" logo or a checkmark beside the new member's id. What's problematic about this is that these types of members stick out like a sore thumb when fraudsters are looking for their next victim. Collecting a list of "verified" members, and then sending out an email claiming that ebay needs to update their credit card info, is an ideal scenario for a fraudster out to make a fast buck, and an ebay member who is bent on keeping their credibility intact, and following ebay's policies, even though ebay is not doing their part to protect this particular member.

 

I've said this before, and I'll say this again; ebay's lax attitude toward ridding fraud has to be reexamined, and QUICKLY, in order for this online person-to-person trading community to survive in the dot com world of the QUICK, and the DEAD. I'm betting that ebay's teflon-coated reputation won't help AT ALL if a similar situation of fraud exposes any of its paypal members. The example cited above is one of the many that illustrates why ebay continues to be the laughing stock among fraud prevention agencies all across North America.

I received the mail below a few days ago. It looks genuine and I would have returned the survey if it had not been for all the fraud reports recently. How do you tell whether a mail like this is a fraud? (I XXX-ed the links to avoid any risk of exposing my account details).

 

The page it links to starts like this:

 

eBay Seller Survey

 

Please take 5 minutes to answer the following survey. By providing your input, you will help ensure that future eBay seller programs better meet your needs.

 

1. Thinking of all the places in which you sell, please estimate the percentage of your sales that you do in the following channels.

Note: please confirm that your entries total 100%.

 

...

 

I've only looked at the first page.

 

-----

 

From :

"eBay"

 

Reply-To :

"eBay"

 

To :

XXX@hotmail.com

 

Subject :

eBay Requests Your Feedback

 

 

Dear eBay Seller,

 

In a continuing effort to provide our sellers with the best possible services, we randomly select and invite sellers, like you, to participate in user surveys. Your feedback will help eBay to better understand your needs and to develop future programs that improve your seller experience.

 

Please take 5-10 minutes to respond to this web-based survey. We would like to learn more about your experience with selling Art, Antiques, Coins, Collectibles, Pottery & Glass and Stamps on eBay and other channels (e.g. flea markets, antique shows, etc). We are particularly interested in obtaining your evaluation of how eBay compares to the other marketplaces you use.

 

Simply click on the Web address shown below (or copy the address into your browser) to be connected directly to the survey.

 

http://welcome.ebay.com/cgi-bin/XXXXXXXXXXXX

 

We respect your privacy and will use the information you provide in strict adherence to eBay's privacy policy

(http://welcome.ebay.com/cgi-bin/XXXXXXXXXXXXX).

 

Best regards,

eBay, Inc.

 

 

 


I got the same email and I found it cathartic to fill out the "other" fields with vulgarities and obscenities and also acts of degrading violence and ill-will towards the fraudulent perps and their families. I sure hope that it really didn't come from eBay or they'd have the profile of one seriously mentally unbalanced powerseller!

Well, if I'm the "Slap Leather Kid" then the only time to attack would logically have to be when you were turned around..

 

..heheh and the juvenile humour (canadian sp, OK?) continues...


How do you tell whether a mail like this is a fraud? (I XXX-ed the links to avoid any risk of exposing my account details).

 

It's actually very difficult to determine a fraudulent email address, but not impossible. If you are familiar with checking for message headers in an email (each email leaves a trail which includes an IP address, which is similar to a web address, except a series of four sets of numbers separated by a dot), a DNS, and in most cases a direct link to the Internet Service Provider. If you are able to pull all that info from an email, enforcement agencies are capable of actually pinpointing a full name and physical address of the perp by contacting the ISP with which they are subscribed. There are however, some exceptions; it is possible to set up a bogus, or what is known as an anonymous smtp (a.k.a. "outgoing" mail) server.

 

This is a commonly used tactic of people who are usually doing illegitimate email broadcasts (porn, telemarketing scams, etc.). Anonymous smtp servers are actually very simple to set up, and most people configure regular workstations or desktops to perform this function. The reason why smtp mail servers are relevant to your question is because this is where all the data, including IP, DNS and ISP info, is bound to what is known as a message header (email address trail). Anonymous servers create a bogus set of IPs, meaning that even though this information binds to the email header and may be captured, it's not going to lead to the location, or the actual perp. In some cases, it actually is a case whereby the wrong person may be accused. Some measures have been taken by ISPs in the recent year to remove the incidence of relaying broadcasts like this without attaching some identification of the sender, but despite such efforts, internet savvy broadcasters find ways to "cloak" their practices time and time again. This said, if you know exactly what you are looking at, it is often evident, just like an amateur resto job on a comic, when an email is coming from a suspect location.

 

As for the actual set-up of an internet location, with the knowledge of how to set up a sub-domain, it can be fairly easy to fool people into believing they are actually visiting an internet location that is representative of the firm the fraud may be associating to. This is an example of a sub-domain that uses the word "ebay":

 

http://ebay.comicwiz.com

 

With such knowledge, it is also easy to fool people into believing you are somehow affiliated with a company, without the other company even knowing about it. There are other ways to pull this off, but the most common way is through domain forwarding software, and populating sub-domains.

 

So I guess, the next question would be; how to police this kind of activity effectively. I don't want to sound like a braggart, but I was doing stuff like this in the heyday of dot coms when every Tom and Harry wanted to build everything from an adult entertainment site to home improvement portals; for the most part, I steered far away from any shady business endeavours, but I did consult a great many reputable companies on various ways to not only effectively market their products, but when "aggressive" marketing pushed the boundaries in internet etiquette, I'm not going to deny the fact that my "marketability" depended heavily on having a few tricks up my sleeve. This may sound so cliché, but to effectively police people who commit such tricky tactics, you have to get people on-board that not only can mimic their practices, but have to also be able to think like they do.

http://welcome.ebay.com/cgi-bin/XXXXXXXXXXXX

 

This is a legitimate eBay survey...

 

I strongly suggest that if you have ANY questions about whether the survey is genuine, do not respond. There are too many people out there trying to scam and safety is a better approach...

 

But the link above is to the actual eBay website, as are any links to sites "xxxxxxxx.ebay.com". The dot directly before the ebay.com indicates that it is a subsite of ebay. The concern is with any site that does not specifically link to ebay.com (such as ebay-help.com or ebay-support.com or ebay-sales.com). But if the characters before the dot-com are "ebay" and there are no characters before the word "ebay" OR a dot before the word "ebay", it's a link to the actual ebay site.

 

So, "fraud.ebay.com" is legitimate. "ebayfraud.com" is not...

 

But again, because it is easy to misread, it is better to err on the side of caution....

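As an added example (not code from this thread, from eBay, or from any poster), here is the host-checking rule from the last post written out in Python and run over the links mentioned in the thread, including the ebay.comicwiz.com sub-domain from the earlier reply. It also covers two cases the rule does not spell out, a host such as ebay.com.example.net and a URL with a user@ part, both of which would mislead someone who only reads the characters just before ".com". The trusted-domain set and the sample mail body are assumptions constructed for the example.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumption for this example: only ebay.com counts as genuine. The rule from
# the thread is "ebay.com itself, or anything ending in .ebay.com".
TRUSTED_DOMAINS = {"ebay.com"}

# Finds http/https links inside a mail body.
URL_RE = re.compile(r"https?://[^\s<>()\"']+")


def url_host(url: str) -> Optional[str]:
    """Lowercase host of a URL, or None if there is no usable host."""
    try:
        # .hostname drops scheme, port, path and any user@ part, so
        # http://ebay.com@198.51.100.7/ yields 198.51.100.7, not ebay.com
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def is_trusted_host(host: str) -> bool:
    """Exactly ebay.com or a subdomain of it. ebayfraud.com, ebay-help.com,
    ebay.comicwiz.com and ebay.com.example.net all fail: their registrable
    domain is not ebay.com."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def classify_link(url: str) -> str:
    host = url_host(url)
    if host is None:
        return "unparseable"
    return "trusted" if is_trusted_host(host) else "suspect"

def audit_message(body: str) -> List[Tuple[str, str]]:
    """(url, verdict) for every link found in a mail body."""
    return [(u, classify_link(u)) for u in URL_RE.findall(body)]

# Constructed sample mail, modelled on the survey mail quoted in the thread.
SAMPLE_MAIL = """Dear eBay Seller,
Simply click on the Web address shown below to be connected to the survey.
http://welcome.ebay.com/cgi-bin/XXXXXXXXXXXX
Or update your billing information at http://ebayupdates.com/billing
"""

if __name__ == "__main__":
    for url, verdict in audit_message(SAMPLE_MAIL):
        print(f"{verdict:12} {url}")
```

The check looks only at the real host of each link, so it is a first filter for a mail you are unsure about, not a substitute for going to the site through your own bookmark as the thread advises.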