PDA

View Full Version : WARNING! Spoofing and Phishing AT eBay!



JustOneMore
08-08-2006, 09:01 PM
Many of you are aware of phony "spoof" email messages that look like official eBay email, asking for your username and password. Today I saw something new: eBay auctions that take you to a login page that looks like the real eBay login page, but is located at a NON-eBay site. Logging in will give your username and password to some unknown party.

Here is what the auctions look like:
http://i6.tinypic.com/242zx1c.jpg
Notice the two auctions with the scantily-clad women.

Clicking on one of the auctions takes you to a page that looks EXACTLY like the ebay login page, but is actually a NON-eBay site. Logging in there will give your ebay username and password to some unknown party.

I didn't fall for it because I knew I was already logged in, but I'm sure many people will fall for it.

If you are an eBay member, be careful whenever you log in. Make sure the URL address is at ebay.com.

DarthPete
08-08-2006, 10:53 PM
If I recall correctly this tactic is known as fishing (or its probably ph1$h1ng in 1337 speak).

I saw one of these auctions not too long ago. Certainly didn't fall for it.

toxictoyzz
08-08-2006, 11:30 PM
i even recall a star was auction. around december last year there was a lot of 30+ toptoys stormtroopers in a shipping case. it was sold and a few days later another lot of 30+ toptoys stormtroopers turned up from another seller. i clicked on the auction and was redirected to a log-in page. did look like an ebay page. i fell for it and logged in but having problems returning to the main page i opened a new browser, logged into ebay and changed my password. i also notified ebay about this and about 2 hours later that auction was gone. the question now is why did you click one of the auctions with those ladies!!! http://threads.rebelscum.com/images/graemlins/wink.gif http://threads.rebelscum.com/images/graemlins/tongue.gif http://threads.rebelscum.com/images/graemlins/grin.gif

CaptainJack
08-09-2006, 07:13 AM
Yeah, if you report these things to eBay they get shut down very quickly. I think there's a specific e-mail link for reporting scams somewhere on the eBay page.

iamjangofett75
08-09-2006, 09:19 AM
I'm sort of unclear, off the top of my head, of what use it is to steal someone's eBay login. You can ruin their rating, bid on all kinds of nonesense, sellers could bid up their items, but there is no direct access to Paypal, which has a separate log in. They can't readily get to your money through eBay, can they?

Still, they're a wretched hive of scum and villainy, so I hope there's a death penalty in whatever state that catches them!

JustOneMore
08-09-2006, 11:13 AM
I'm sort of unclear, off the top of my head, of what use it is to steal someone's eBay login. You can ruin their rating, bid on all kinds of nonesense, sellers could bid up their items, but there is no direct access to Paypal, which has a separate log in. They can't readily get to your money through eBay, can they?




In addition to the mischief you mentioned, they would have access to personal information such as your name, home address, phone number, and email address.

sotoam
08-09-2006, 11:52 AM
I'm sort of unclear, off the top of my head, of what use it is to steal someone's eBay login. You can ruin their rating, bid on all kinds of nonesense, sellers could bid up their items, but there is no direct access to Paypal, which has a separate log in. They can't readily get to your money through eBay, can they?




In addition to the mischief you mentioned, they would have access to personal information such as your name, home address, phone number, and email address.



Also, they could put up a bunch of bogus stuff for sale at nice prices (PSPs at $100, digital cameras at 1/2 price, 12 Back Luke at $200) so people would buy it and send them the money. They could make the price low, but not so low that it would cause suspiscion. They would not have to send the goods or even have to have the goods because eBay would come after the person whose id they stole.

toxictoyzz
08-09-2006, 12:49 PM
there have been various fraud attempts with ebay login data but the worst of all (happened a few times here in germany) is when those people just mess around with your account and buy lots of different high priced stuff.

i remember a tv report that showed a guy who's account was hacked and these guys bought a yacht, a small plane and other expensive stuff. just a big hoax i guess. probably kids who didn't know what they were doing.

he had a bill of a few hundred thousand euro! and since an ebay purchase is a contract between buyer and seller the user was urged to pay and ebay was not even held responsible because it is the users responsibility to protect the account.

he was able to explain his story to some of the sellers and some didn't insist on their money but others did and he now has a full blown lawsuit against ebay and against some of those sellers.

i would have loved to see his face when he logged into his account and saw all these purchases. however that shows us to be careful with our login data and i hope this won't happen to anyone here on the boards

Leif_G
08-10-2006, 11:15 AM
I'm sort of unclear, off the top of my head, of what use it is to steal someone's eBay login.



People do this to setup fake auctions. They have the money redirected to themselves and leave the person who owns the account holding the smoking gun.

spoons
08-13-2006, 05:26 PM
also a lot of people use the same log in info for ebay, paypal, banks etc

These guys just take the chance and could end up stealing a lot of cash http://threads.rebelscum.com/images/graemlins/shocked.gif

nextoy
08-14-2006, 01:21 PM
I'm sort of unclear, off the top of my head, of what use it is to steal someone's eBay login. You can ruin their rating, bid on all kinds of nonesense, sellers could bid up their items, but there is no direct access to Paypal, which has a separate log in. They can't readily get to your money through eBay, can they?




In addition to the mischief you mentioned, they would have access to personal information such as your name, home address, phone number, and email address.



Also, they could put up a bunch of bogus stuff for sale at nice prices (PSPs at $100, digital cameras at 1/2 price, 12 Back Luke at $200) so people would buy it and send them the money. They could make the price low, but not so low that it would cause suspiscion. They would not have to send the goods or even have to have the goods because eBay would come after the person whose id they stole.


That's right. A few months ago, I suddenly had 32 auctions listed under my account for fairly pricey electronic merchandise. The good news is that eBay themselves noticed the unusual activity and shut it down, refunding all listing fees to me which had been charged to my account. They alerted me, and I had to change my username and password. They also recommended downloading eBay's tool bar with Account Guard. It turns green when you are on an official eBay or PayPal site. It does not turn green if fake. I recommend that all eBay and PayPal users download Account Guard. Go to eBay and learn about it.

Tom N