someone tried to get my ebay password again....

Started by Drache, August 03, 2008, 10:32:21 AM


Drache

Beware to all those ebay sellers, I received an email from "ebay" asking if an item that I had recently listed (but didn't reach the reserve) was still available. I never reply using emails, I go into My Ebay Messages and reply from there. Oh look... that supposed ebay message wasn't in my Ebay Message Inbox. So just for shits and giggles I clicked the respond button and sure enough a fake login page appeared. These guys are getting sloppy, the URL wasn't even CLOSE to ebay's and there were things missing from a real ebay sign in page. The scary part is though my login name was already in the username space, I did not type that in there.... Anyways I changed my password just to be sure....

REAL EBAY SIGN IN PAGE:
https://signin.ebay.ca/ws/eBayISAPI.dll?SignIn&_trksid=m37


FAKE EBAY SIGN IN PAGE:
Dart
Racing
Ass
Chasing
Hellion
Extraordinaire

Troy

They knew your user name from the parameters in the URL.

By the way, do you know what that site sells? I'd appreciate it if it weren't linked to from here.

Troy
Sarcasm detector, that's a real good invention.

jeryst

If you get a spoof email, don't even click on it to open the page!

Some of the new trojans are downloaded to your machine as soon as you open the page.

They don't care if they're sloppy, because by the time you see the page, it is too late.

Drache

Quote from: jeryst on August 03, 2008, 01:06:05 PM
If you get a spoof email, don't even click on it to open the page!

Some of the new trojans are downloaded to your machine as soon as you open the page.

They don't care if they're sloppy, because by the time you see the page, it is too late.

Can't get downloaded if it's not accepted on my machine, I haven't even had a piece of spyware in years....

It was forwarded on to ebay the moment I got it and my password was changed....

Troy, the site doesn't sell anything, they just want someone to log into ebay so they can get your password.

dodgecharger-fan

Did you view the e-mail?

Was it in html format?

If so, then that's enough to put a trojan on your machine.

Heck. You went to the site. If it had any kind of image on it, that's enough to get a trojan on your machine.

I could send you a picture of a Charger that would give me total control of your pc and you wouldn't know it.
All I need is for you to open the picture - if you have the preview pane open in your e-mail client, it's done.

Get some security software on your PC, man or I'll send your old girlfriend back to strangle you again.   

:rofl: Sorry, I couldn't resist throwing that in there. I'm just kidding about that.

Drache

Quote from: dodgecharger-fan on August 03, 2008, 08:02:31 PM
Did you view the e-mail?

Was it in html format?

If so, then that's enough to put a trojan on your machine.

Heck. You went to the site. If it had any kind of image on it, that's enough to get a trojan on your machine.

I could send you a picture of a Charger that would give me total control of your pc and you wouldn't know it.
All I need is for you to open the picture - if you have the preview pane open in your e-mail client, it's done.

Get some security software on your PC, man or I'll send your old girlfriend back to strangle you again.   

:rofl: Sorry, I couldn't resist throwing that in there. I'm just kidding about that.

I've got enough security software on my site to make most government agencies jealous. Like I said, I haven't had even a single virus, trojan, spyware, nor any other malicious program on my computer for the past three years. The guy who wrote the program I'm using gives out a $15000 guarantee that if your computer is "taken over" or "infected" while you run his beta program he'll pay for any damages, repairs, or anything else done using your computer (includes purchases on ebay thanks to me). He's planning on selling this program (which I cannot release the name of until the 5 year contract is up) to government agencies like the RCMP and CSIS.

I'm far from being a noob on a computer  :icon_smile_big:

dodgecharger-fan

Security software is only as good as the user behind the keyboard, though.

I'm not saying you're not. I'm just saying..

All it takes is a little social engineering to get someone to click the link/open the e-mail/view the picture and it could be enough.

I've seen it done with most of the major Internet security software packages running on the machines - even Macs and Linux boxes. It has less to do with the OS than it does with tricking the user.

Drache

I know all about hidden programs especially in images  :icon_smile_big:

But even then a trojan is still a trojan and they are all detected the same. Whether or not they can be cured is something else....

dodgecharger-fan

Quote from: Drache on August 03, 2008, 09:19:20 PM
they are all detected the same.

That's a frightening statement if you think it's true. There are some general guidelines as to how all of the KNOWN trojans work, but even heuristic monitoring can't catch something that it's not looking for.

Drache

Key loggers all have the same certain command pathways which are detectable for those who know what they are looking for...

But hey, I'm the guy who used to play around with programs like Back Orifice when we were kids...  :icon_smile_big:

Drache

Ok I just got another "email" from ebay but this time a SUSPENSION notice?! I don't have one of these in my Ebay inbox though which makes me suspicious BUT, the email address is from ebay.com... It says:

Quote
Dear Archangels_grace,

We are writing to alert you that your eBay account has been suspended.

Per the User Agreement, Section 9, we may immediately issue a warning,
temporarily suspend, indefinitely suspend or terminate your membership
and refuse to provide our services to you if we believe that your actions
may cause financial loss or legal liability for you, our users or us.

To remove any limitations, you are required to confirm your eBay registration.

The link they want to send me to: http://signin.ebay.com.ws.ebayisapi.dll.usingssl.yes.signin (this is not the full shortcut)



What is going on?! The only thing I can think of is I submitted that false ebay email to Ebay through their spoof section like it told me to and the next day I get this!

In the shortcut though around the middle appears this:
Quote
jetblachhowardstern.net

so I'm going to guess it's fake. I forwarded this one also onto ebay spoof section as well....

dodgecharger-fan


Drache

Quote from: dodgecharger-fan on August 04, 2008, 11:18:52 AM
Quote from: Drache on August 04, 2008, 11:04:19 AM
the email address is from ebay.com...

No it's not.

Um yes it is... the email was from support@ebay.com which you can't see on that picture so why say it wasn't?

dodgecharger-fan

The content of the e-mail for one. eBay doesn't send stuff like that out.

The link you posted isn't even a proper link - even if it's only a partial, what you posted wouldn't fool the noobiest noob on the net - and the fact that it had "jetblachhowardstern.net" in the middle is a dead giveaway that it's a scam.

Google up a way to read full e-mail headers and you'll find out that the e-mail did not come from ebay.

You can make the "from:" field say anything you want, but the e-mail headers don't lie - unless they've been altered too and they can be, but there are ways to see that to the point at least that you'd know it didn't come from ebay even if you couldn't track it all the way back to where it really came from. At a minimum, the headers are going to not tell you enough to be sure that it came from eBay and that's enough for me to not trust it.

This is exactly what I was talking about with the social engineering thing. They're not trying to put anything on your machine. They just want to fool you into giving up some info.
The fact that you're so certain it came from ebay means that the ruse was successful - to a point. Not to the point that you went and logged in, thankfully.

No security software will ever stop the user from being tricked. The best it can do is try and figure out that the site you go to isn't the one you thought it would be. That can work, but it still relies on the user to heed the warning and not all do.

As for key-loggers, I'm not sure where that came from. I never mentioned it. When a user falls for this type of phishing scam, nothing is needed on the user's PC. It relies on them typing their account info into a web form and clicking "Login" or "Submit" or whatever. So, no key loggers are used. Besides they're too easy to catch these days.
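
The header and link checks described in the post above, as an added example that is not part of the original thread: a Python sketch run over a constructed message. The example.net and recipient.example hosts, the 203.0.113.7 address and the function names are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample, not the message from the thread; example.net hosts are placeholders.
RAW = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Received: from mail.ebay.com (mailer.example.net [203.0.113.7])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 04 Aug 2008 10:58:02 -0400\n"
    "Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net\n"
    'From: "eBay" <support@ebay.com>\n'
    "Subject: Account suspended\n"
    "\n"
    "Confirm here: http://signin.ebay.com.ws.ebayisapi.dll.example.net/signin\n"
)

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    """Domain part of the address in a From:/Return-Path: style header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check(raw, brand="ebay.com"):
    msg = message_from_string(raw)
    findings = []
    # From: is free text chosen by the sender; compare it with the envelope sender.
    if under(addr_domain(msg["From"]), brand) and not under(addr_domain(msg["Return-Path"]), brand):
        findings.append("from/envelope mismatch")
    # The topmost Received: is written by the recipient's own server; the name in
    # parentheses is what that server resolved, not what the sender claimed (HELO).
    m = re.search(r"\((\S+) \[", msg.get("Received", ""))
    if m and not under(m.group(1), brand):
        findings.append("relay outside brand: " + m.group(1))
    if re.search(r"\b(spf|dkim)=(fail|softfail|none)", msg.get("Authentication-Results", "")):
        findings.append("sender authentication failed")
    # A link belongs to whoever owns the right-hand end of the host name.
    for url in re.findall(r"https?://\S+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if brand in host and not under(host, brand):
            findings.append("lookalike link host: " + host)
    return findings

if __name__ == "__main__":
    print("\n".join(check(RAW)))
```

An empty list only means none of these four checks fired; it does not prove the message is genuine.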

Troy

Quote from: Drache on August 03, 2008, 01:30:50 PM
Quote from: jeryst on August 03, 2008, 01:06:05 PM
If you get a spoof email, don't even click on it to open the page!

Some of the new trojans are downloaded to your machine as soon as you open the page.

They don't care if they're sloppy, because by the time you see the page, it is too late.

Can't get downloaded if it's not accepted on my machine, I haven't even had a piece of spyware in years....

It was forwarded on to ebay the moment I got it and my password was changed....

Troy, the site doesn't sell anything, they just want someone to log into ebay so they can get your password.

Yes, they do sell stuff. Go to the root directory of the first link you posted (or use Google to see the cached version). The link was to a subdirectory within the site but the main site is commercial. Either that site was hacked so the phishing script could be put on what looked like a legitimate site or the owners of that site are some unscrupulous characters (and judging by what they sell - who knows?).

Troy

Drache

Quote from: dodgecharger-fan on August 04, 2008, 12:02:18 PM
The content of the e-mail for one. eBay doesn't send stuff like that out.

The link you posted isn't even a proper link - even if it's only a partial, what you posted wouldn't fool the noobiest noob on the net - and the fact that it had "jetblachhowardstern.net" in the middle is a dead giveaway that it's a scam.

Google up a way to read full e-mail headers and you'll find out that the e-mail did not come from ebay.

You can make the "from:" field say anything you want, but the e-mail headers don't lie - unless they've been altered too and they can be, but there are ways to see that to the point at least that you'd know it didn't come from ebay even if you couldn't track it all the way back to where it really came from. At a minimum, the headers are going to not tell you enough to be sure that it came from eBay and that's enough for me to not trust it.

This is exactly what I was talking about with the social engineering thing. They're not trying to put anything on your machine. They just want to fool you into giving up some info.
The fact that you're so certain it came from ebay means that the ruse was successful - to a point. Not to the point that you went and logged in, thankfully.

No security software will ever stop the user from being tricked. The best it can do is try and figure out that the site you go to isn't the one you thought it would be. That can work, but it still relies on the user to heed the warning and not all do.

As for key-loggers, I'm not sure where that came from. I never mentioned it. When a user falls for this type of phishing scam, nothing is needed on the user's PC. It relies on them typing their account info into a web form and clicking "Login" or "Submit" or whatever. So, no key loggers are used. Besides they're too easy to catch these days.

I was talking about the "from" email address as it appeared ebay.com, I didn't say anything else BUT that....

dodgecharger-fan

Quote from: Drache on August 04, 2008, 12:51:14 PM
I was talking about the "from" email address as it appeared ebay.com, I didn't say anything else BUT that....

and you believe it?

Like I said, it's possible to make the "from" field say whatever you want. You can't trust what it says.

You did talk about key loggers before. That's why I brought it up. Fair enough?
Quote from: Drache on August 03, 2008, 10:26:31 PM
Key loggers all have the same certain command pathways which are detectable for those who know what they are looking for...

But hey, I'm the guy who used to play around with programs like Back Orifice when we were kids...  :icon_smile_big:

Let's assume for a second that someone hacked eBay and was able to send an e-mail as support@ebay.com, regardless of where it came from, the content alone should tell you that the message content did not originate from ebay - for the reasons I stated above.

Look. I'm not trying to call you out or anything like that, but you're saying things that just don't totally compute. You say you're far from being a noob on the computer, yet you totally miss the boat in analyzing the two e-mails - especially the second one.

If you were the non-noob that you say you are, you'd know that these e-mails get blasted out at random, hoping for someone to click the link and login.

Quote from: Drache on August 04, 2008, 11:04:19 AM
What is going on?! The only thing I can think of is I submitted that false ebay email to Ebay through their spoof section like it told me to and the next day I get this!

There's nothing "going on." It's just the Internet and spam/phishing e-mails. The fact that you got one after reporting another spoof e-mail is likely just a coincidence.

At worst, it'd be a stretch to guess that someone's got a hold of your computer - or is otherwise monitoring traffic from your computer/network/ISP's network looking for e-mails addressed to spoof@ebay.com and then snagging the source e-mail address to try and push a phish back at them. It's a huge stretch because if that were the case, I'd expect the subsequent phish to be more directed and associated with the original report rather than just another general "We're going to cut you off!" type of phish.

I'm not saying that this is what is happening. I'm just postulating that if anything really is "going on" that's a possibility.

More than likely, you're connected to the Internet and you have an e-mail address. That's enough to get you several of these per week.

Have a good one, man.


Charger74

They tried the same thing not long ago with me and paypal.  But the stupid idiots made the mistake of asking for my pin number for my debit card.  Do they really think that I'm that freaking stupid!!!  So I forwarded the email to paypal.

Drache

This all started the moment I started listing stuff on ebay again a week ago, before that no phishing emails....

dodgecharger-fan

Maybe this will convince you that it's just someone that scavenged your e-mail address from somewhere:

This says, "Dear Archangels_grace,"


Yet, your ebay username is "rollin_dodge_charger."

Every time I get a real e-mail from eBay, they use my eBay username and not the prefix of my e-mail address.

So, nothing has happened with eBay with regards to your account. You just got a phishing e-mail.

Ah! I just looked at your listing.
You post your e-mail address right in your item listing. I'm betting that's where they got your address from. That would explain why it started after you started listing stuff.
These guys have scripts that churn through eBay listings looking for just this type of thing and they add it to their "attack" list and start phishing.
You can tell it's a script because if it were a human, they'd have snagged your username and used it in the salutation instead of your e-mail prefix.

Drache

Quote from: dodgecharger-fan on August 05, 2008, 07:17:58 PM
Maybe this will convince you that it's just someone that scavenged your e-mail address from somewhere:

I had realized it was a phishing scam about 10 minutes after posting it. It was also forwarded to ebay's spoof section about 2 minutes after realizing it and have already gotten a response from ebay on the matter. But thanks for the help in pointing them out for next time!  :2thumbs: