Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Almighty Buck

eBay Customers Targetted by Credit Card Scam 237

hether writes "Customers of the auction site eBay have been targeted by a site called ebayupdates.com. The site attempts to steal credit card details from eBay's 55 million customers. The SANS Institute Internet Storm Center issued the warning on this one. Info about the scam can be found on the BBC site, CNN, CNet, vnunet, and more. Funny enough there's no mention of this on the eBay site..."
This discussion has been archived. No new comments can be posted.

eBay Customers Targetted by Credit Card Scam

Comments Filter:
  • Surprise! (Score:4, Interesting)

    by tigress ( 48157 ) <rot13.fcnzgenc03@8in.net> on Friday December 13, 2002 @04:39AM (#4878984)
    eBay credit card scams are not new. I've received half a dozen of them in my spambox. Strangely enough, they were all addressed to the email-address I only use for eBay. What a strange coincidence.
    • Re:Surprise! (Score:2, Insightful)

      This just goes to show that the #1 security threat is always stupid end-users, not buggy software. People whose password is "QWERTY" or "secret" ought to be shot.
    • This happens very often with PayPal as well. I've seen scammers send me an email which looks like a regular PayPal email, but it's done in HTML, so it shows you a link to www.paypal.com, but the href beneath it is to something like www.paypal.com.paypalz.cx.

      Of course if you click on that link, you get presented with a page which looks remarkably similar to the paypal front page. The unaware victim/user will attempt to log in with their email/password, and then be presented with a fake error and perhaps then be redirected to the real paypal site (storing the userid/password in the process). The user attempts their login again, and is probably unaware anything happened.

      • Re:Surprise! (Score:3, Interesting)

        by tigress ( 48157 )
        Does this happen to your Paypal email-address, that you only use for Paypal and don't disclose to anyone outside of Paypal? =)

        The funny thing is that the eBay scams thing happens to the email-address that I used for eBay, never disclosed to anyone outside of eBay, except for two people that I purchased items from. Funny thing that. I suppose they must've guessed my address. =)

        (In plain text, I'm getting eBay scam email from an email-address that, if I didn't absolutely trust eBay's integrity, I might suspect that eBay sold to the scammers)
  • What? (Score:3, Informative)

    by neksys ( 87486 ) <grphillips AT gmail DOT com> on Friday December 13, 2002 @04:40AM (#4878988)
    Representatives of eBay were not immediately available for comment, but the company has issued a general warning on its Web site, urging caution over e-mails seeking passwords or credit card numbers.

    Sounds like they've mentioned it on the website to me.....

    • Re:What? (Score:4, Informative)

      by gvonk ( 107719 ) <.moc.knovtterrag. .ta. .todhsals.> on Friday December 13, 2002 @06:24AM (#4879390) Homepage
      It's tough to find, but here's the warning:

      Some members have reported attempts to gain access to their personal information through email solicitations that are falsely made to appear as having come from eBay. These solicitations will often contain links to Web pages that will request that you sign in and submit information. At eBay, we identify these as 'spoofed' emails or Web sites.

      We encourage you to be very cautious of emails that ask you to submit personal information such as your credit card number or your eBay password.

      To be sure that you are signing into a genuine eBay Web site, look at the Address/Location area of your browser. At an eBay.com sign-in or log-in page, the URL (link) that appears in the Address/Location area of your browser will begin with "http://cgi.ebay.com/" or "http://scgi.ebay.com". Please pay close attention to all characters in the address, including the forward slash (/) that follows "ebay.com". Even if the Address/Location includes the word "ebay", it may not be a genuine eBay Web site. If you receive or suspect you have received such an email, do not respond to it or click the links. Immediately send a copy of it to spam@ebay.com.

      If you have any doubt as to whether or not the website you are on is an official eBay web page, please visit our Account Security page for more complete information on the URLs used on eBay web pages.

      For more information on how to protect your eBay password and your account, click here [ebay.com].

      Regards,
      eBay
    • not immediately available for comment is journalism speak for "we tried to get another source, but they didn't get back to us in time" or "we really did try to research this topic." I think they meant they couldn't get a specific comment from the ebay on the topic, but were pointing out that ebay had put an annoucment up on their website (i.e. not denying it had happened).
    • Re:What? (Score:2, Informative)

      by ackthpt ( 218170 )
      Representatives of eBay were not immediately available for comment, but the company has issued a general warning on its Web site, urging caution over e-mails seeking passwords or credit card numbers.

      Sounds like they've mentioned it on the website to me.....

      I received the spam on this one about a week ago. I haven't received *any* warning from eBay on being careful with ID or personal info, even as a general warning, particularly via email. I'm sure, as most things I've found, there is a warning buried deep within eBay and only those with the greatest of patience and available time (or just luck) actually can find it. The site is poorly designed for navigation.

      About a month ago I attempted to post a similar article as this to Slashdot concerning very much the same style of attack in an email from a www.paypal-ebay.com site, registered to some schmuck in Nebraska. I tried, carefully worded with good references, etc. to get submit it and it died both times. So, slashdot, which often runs duplicate stories, missed the boat on that one.

      You can see some of it here:

      The email [dragonswest.com]

      The webpage [dragonswest.com]

      It's amazing what a pain it was trying to raise anyone at eBay or PayPal with their forms, etc. Customer service at both are terrible, just terrible. I only got through to PayPal with the help of some information provided by a powerseller friend. PayPal said, "yeah we know about it and are trying to shut the site down", this 6 hours after I got the spam and the site was still up at that point. Forwarding passwords to the email address of paypal@c2.hu

      So be careful, eh? Not many people are as helpful as the users.

      • I haven't received *any* warning from eBay on being careful with ID or personal info, even as a general warning, particularly via email. I'm sure, as most things I've found, there is a warning buried deep within eBay and only those with the greatest of patience and available time (or just luck) actually can find it. The site is poorly designed for navigation.

        You are either blind or you have never used ebay. Every single email I get from them contains the following warning:
        Remember: eBay will not ask you for sensitive personal information such as your password, credit card and bank account numbers in an email.

        Learn more about how to protect your account at http://pages.ebay.com/help/account_protection.html .
        And from the page mentioned above:
        If you receive or suspect you have received such an email, do not respond to it or click the links. Immediately send a copy of it to spam@ebay.com.
        So, are you a troll or a fool?
      • I tried to contact EBay and was suprised they didn't have a category for attempted fraud to address email to. I think I picked "Other topics". I sent them a message detailing the incident and got zero response.
        The site hasn't shutdown because I got another idnetical email from the same losers since then.
    • Sounds like they've mentioned it on the website to me.....

      Have you tried to find it on their website? Check their front page [ebay.com]. Nothing there. How about under "help?" Nope. Maybe under "SafeHarbor (Rules & Safety)" - sounds promising. Nothing there either.

      I search for a couple of minutes and didn't find it. Do you think someone not even looking for it would find the warning?

    • Since I submitted the story on 12/11, they might not have had it on there yet then. But even if they did, I would think it should have been front page news, or at least somewhere findable.
  • by Anonymous Coward on Friday December 13, 2002 @04:42AM (#4878996)
    WHOIS Record:

    Domain Name.......... ebayupdates.com
    Creation Date........ 2002-12-06
    Registration Date.... 2002-12-06
    Expiry Date.......... 2003-12-06
    Organisation Name.... Tred
    Organisation Address. 1742 BOLTON VILLAGE LANE
    Organisation Address.
    Organisation Address. NICEVILLE
    Organisation Address. 32578
    Organisation Address. FL
    Organisation Address. UNITED STATES

    Admin Name........... Eulalia Bergenthal
    Admin Address........ 1742 BOLTON VILLAGE LANE
    Admin Address........
    Admin Address........ NICEVILLE
    Admin Address........ 32578
    Admin Address........ FL
    Admin Address........ UNITED STATES
    Admin Email.......... qspam52@aol.com
    Admin Phone.......... 713-552-6332
    Admin Fax............

    Tech Name............ YahooDomains Techcontact
    Tech Address......... 701 First Ave.
    Tech Address.........
    Tech Address......... Sunnyvale
    Tech Address......... 94089
    Tech Address......... CA
    Tech Address......... UNITED STATES
    Tech Email........... domain.tech@YAHOO-INC.COM
    Tech Phone........... +1.6198813096
    Tech Fax.............
    Name Server.......... yns1.yahoo.com
    Name Server.......... yns2.yahoo.com

    • Tech Name............ YahooDomains Techcontact

      Yahoodomains.com: Get your own eBay-like domainname & web-card from $35/Year!
      Package includes:

      • Domain name (i.e. www.ebayaccounts.com)
      • Web Card or Web Address Forwarding
      • Email Account (to fool the best of 'em)
      • Online access to your ebay-accounts database!
      • To be fair, Yahoo did a good job of taking these jackasses offline quickly.

        This really isn't that new: it's been discussed on incidents@securiyfocus.com for the past few days. From that list:


        The form posts to

        http://www.cutandpastescripts.com/cgi-bin/formpr oc essing/forms.pl

        It has the following hidden fields, with the following values

        activenumber 428283597791
        username xacxac
        MfcISAPICommand SingInWelcome
        siteid 0
        co_partnerId 2
        UsingSSL 0
        ru
        pp
        pa1
        pa2
        pa3
        i1 -1
        pageType -1

        and the following field names, that are entered by the user on the form

        name
        address
        City
        State
        Zip
        Phone
        cc
        expi re
        Cvv2
        Bank Name
        Bank #
        checking_account_number
        Routing_number
        ssn
        m mn
        dob
        dl#
        userid
        pass (password)
        submit (value=Sign In)
        keepMeSignInOption (checkbox, checked value=1)

    • Organisation Address.1742 BOLTON VILLAGE LANE
      Organisation Address.
      Organisation Address. NICEVILLE
      Organisation Address. 32578
      Organisation Address. FL
      Organisation Address. UNITED STATES


      ...and, of course, it's straight out of America's wang... er, I mean, Florida.
  • by Toasty16 ( 586358 ) on Friday December 13, 2002 @04:43AM (#4879001) Homepage
    I have created a database of people ripped off by these ebay scams. if you think you are one of them, please send your name, address, and credit card number with expiration date to ebayscam@scamalert.com Let's get to the bottom of this scam!
  • What? (Score:1, Funny)

    by bace ( 628761 )
    A scam regarding Ebay, No i refuse to believe it.

  • by greenshift ( 198967 ) on Friday December 13, 2002 @04:48AM (#4879030)
    A couple months ago I received an email notifying me that eBay was updating its records and needed me to re-enter my user and credit card information.

    The site was at http://www.cgi5-ebay.cc/eBayISAPIdll/signin.html. Obvious to any experienced computer user as a scam.

    But since I was sure unsuspecting users may be duped, I decided to do something about it. I contacted the service provider, A Plus (aka Abacus), informed them of the scam, and requested that they shut it down. Within an hour the site was offline.

    Too bad I didn't submit this to news wire services. Oh well.
    • A commendable action! I'm sure you saved a few people some headaches. However, next time anyone is in a situation like this, I might suggest that the second place you contact (after the service provider) are whatever law enforcement agency has jurisdiction over fraud cases such as these. Shutting them down is one thing, but getting them put behind bars guarantees that they'll have to wait a while before starting up a new scam.
      • by tigress ( 48157 ) <rot13.fcnzgenc03@8in.net> on Friday December 13, 2002 @05:00AM (#4879082)
        I've reported scammers before, to the service providers. I'd love to report them to the legal authorities, except I'm in Sweden and I doubt me contacting Russian or Chinese legal authorities will do much about the fake French address that the UK scammer used in order to defraud German customers of a US company.
      • "However, next time anyone is in a situation like this, I might suggest that the second place you contact (after the service provider) are whatever law enforcement agency has jurisdiction over fraud cases such as these. Shutting them down is one thing, but getting them put behind bars guarantees that they'll have to wait a while before starting up a new scam."

        I don't know how competent the law enforcement people are where you are located, but one time I was actually questioned by the police in my town because someone was e-mailbombing a school and the police assumed it was from me because the person had put my e-mail address in the 'from' line! I would not trust these people to track down the owners of a fraudulent web site if it was hosted in their jurisdiction. (The officer actually admitted that she didn't even own a computer.)

    • I recieved something similar. I didn't look at it to see if it was really form eBay or not since it didn't matter, and I didn't know scams were going around. I popped open my browser, logged into eBay and lo and behold, my account is all up to date. Hmmm. So I look at the message again, yep, a scam.

      The easiest way to avoid getting duped is simply to always interact with the site through normal channels. Even the message looks totally legit, still login as you do normally. This eliminates the possability that you are entering a 3rd party site by accident.
      • I got a spam that asked me to go to change-ebay.com because some fraud was suspected with my ebay account. The email was obviously a spam, since it wasn't even sent to the address I used on ebay.

        Pinged change-ebay.com, and it resolved to an address that was obviously not ebay. The site was an exact copy of the ebay login page. Looked at the source code of the site, and it was a form that, on submit, emailed the ebay username and password to some scam artist and then forwarded the user to the real ebay home page.

        I notified ebay through their tech support form and the scam site was down within hours. Not a word of thanks or warning posted from ebay though. They're probably dealing with hundreds of these scams.
    • The site was at http://www.cgi5-ebay.cc/eBayISAPIdll/signin.html. Obvious to any experienced computer user as a scam.

      A sneaky semantic attack [kuro5hin.org], but sorry, no cookies for the spammers... I received a few spams that had that kind of thing, except that it was about PayPal. http://www.whatever.paypal.com@longlistofstuff... I mean, it was *very* loosely copied and they had not removed the code inserted by whatever they used to save the page with. The form used someone else's unsecured formmail.pl to send the credit card info to a Yahoo! address...

      I mailed about this to the originator, ISP, the formmail's host (I think, been a while) and Yahoo, and I heard the stuff was closed... Yahoo! address was closed within the next day, I think.

      Of course, some time later I got very similar message. Spammers are like mythical monsters: Cut off one head, and more heads will grow... but luckily the intelligence won't grow =)

    • " A couple months ago I received an email notifying me that eBay was updating its records and needed me to re-enter my user and credit card information. The site was at http://www.cgi5-ebay.cc/eBayISAPIdll/signin.html. Obvious to any experienced computer user as a scam. But since I was sure unsuspecting users may be duped, I decided to do something about it. I contacted the service provider, A Plus (aka Abacus), informed them of the scam, and requested that they shut it down. Within an hour the site was offline."

      I've seen this on a couple of occaions as well, but for paypal as opposed to ebay. The URLs were more obviously fake but I notified the network admins anyway and the person who bought one of the domains is now being charged with fraud!

      The obvious tip-off was that someone was just sending mail at random, hoping to catch paypal users. The account I received that message at had nothing to do with paypal. (And now I as will will have nothing to do with paypal [paypalwarning.com].

    • I've received about half a dozen of these. I get anything sent to my domain name, so they're usually addressed to names that are on the web site, but are never used for anything.

      I tried to figure out how to report it to eBay but couldn't find out how. It took me a while to find the "report it to spam@ebay.com". Yeah, like they pay attention to that. I don't think eBay cares at all.

      I checked out one of them, and it was geocities. I sent geocities an email and the site was removed.

      I've been an eBay member for a long time, and I remember when you just owed them 85 cents, Pierre Omidyar (the owner) would say "Nah, don't worry about it. You're a good customer. Wait until it gets higher to pay". I think he lives on a yacht now and doesn't care about eBay at all, as long as he's still making millions of it.

  • by JayBees ( 124568 ) on Friday December 13, 2002 @04:49AM (#4879032)
    Problem: Credit card theft by a scam artist web site.

    Solution: /.ing the slimey bastards til their servers cry out for mercy.

    Kudos to /. for using their powers for good instead of evil (this time). Hey, someone start submitting stories with links to riaa.org.
    • Hey, someone start submitting stories with links to riaa.org.

      Why the automatic assumption that the riaa is a scam? They support the development and careers of many talented musicians. All they are doing is rightfully protecting their own copyrighted interests, in the name of protecting the earnings of the hard working artists and musicians. The RIAA and MPAA's only goal is the advancement of the arts.

      Oh, wait.

      [engage Slashdot filter]
      KILL THEM ALL!! MAKE THEIR SCSI DRIVES BLEED!! THE RIAA AND MPAA ARE AS EVIL AS MICROSOFT AND CONGRESS!! ALL INFORMATION WANTS TO BE FREE!!
      [disengage Slashdot filter]

      There, that makes sense now.

    • Well... If you actually follow the news (not just /.) you'd realize that Slashdot was about 3 days behind on this one.

      The site was shut down quite a while ago. So we're slashdoting a null point on the net (which I believe would be yahoo's nameservers's but, check the whois and see for yourself)
    • I think it would be funnier if someone managed to give them their own credit card information. The look on their face would be priceless.
  • Old News (Score:2, Informative)

    by Shadowcaster ( 58728 )
    Funny enough there's no mention of this on the eBay site...

    There prolly was a week ago when the news broke about it though.. check web-caches and the like. That or edit the story to begin with "You probably already know about this, but..."

    • From the Auction Guild newsletter (received today):

      In a CNN article on email scams that
      use fake ebaY email formats and sites to steal identities, Chris
      Donlay, a spokesman for ebaY, said "To date, few people have
      contacted us with complaints,". ebaY once again doing what
      ebaY does best - LIE. ebaY has received thousands of emails
      about these scams. TAG has the email trail showing where in
      one case at least, ebaY left a SCAM site up from at least 9 - 11
      Dec, though the site had been up since 29 Nov and reported
      numerous times. TAG wonders why ebaY would not act on such
      reports immediately. If ebaY lets some of these sites stay up,
      does ebaY have a cover for incidents where their own site is
      hacked for info, or in cases where an ebaY employee might be
      selling account info? Employees of other companies have
      stolen and sold information, what makes ebaY immune from
      employee fraud? TAG sees account hijacking on ebaY reaching
      epidemic proportions, what IS going on at ebaY?

    • I don't pay much attention to the eBay news. It should be in the SafeHarbor (Rules & Safety), instead of eBay geeks talking about it on their chatrooms.

    • There wasn't then, but there is now. I submitted the story several days ago.

      It says:
      Some members have reported attempts to gain access to their personal information through email solicitations that are falsely made to appear as having come from eBay. These solicitations will often contain links to Web pages that will request that you sign in and submit information. At eBay, we identify these as 'spoofed' emails or Web sites.

      We encourage you to be very cautious of emails that ask you to submit personal information such as your credit card number or your eBay password.

      To be sure that you are signing into a genuine eBay Web site, look at the Address/Location area of your browser. At an eBay.com sign-in or log-in page, the URL (link) that appears in the Address/Location area of your browser will begin with "http://cgi.ebay.com/" or "http://scgi.ebay.com". Please pay close attention to all characters in the address, including the forward slash (/) that follows "ebay.com". Even if the Address/Location includes the word "ebay", it may not be a genuine eBay Web site. If you receive or suspect you have received such an email, do not respond to it or click the links. Immediately send a copy of it to spam@ebay.com.

      If you have any doubt as to whether or not the website you are on is an official eBay web page, please visit our Account Security page for more complete information on the URLs used on eBay web pages.

      For more information on how to protect your eBay password and your account, click here [ebay.com].

      Regards,
      eBay

  • Spam (Score:2, Offtopic)

    by ottffssent ( 18387 )
    Hm. That domain isn't on the whitelist for the email address I give out to likely-to-deluge-me-with-spam outfits. Such as ebay. So maybe I got it. Maybe not.

    I keep hearing about the "death of email" because of spam. It's really not hard. Pay for a respectable email address and don't give it to *anyone*. Create forwarding addresses that you give out. Apply whitelists to the address(es) you use for commerce. Apply blacklists (or actual spam filters) to the addresses you use for friends, family, etc. Every few weeks I go through the ~1000 emails that got filtered out on the odd chance they're not spam, and delete them. It doesn't take an hour a day - it takes more like an hour a month.
    • >>Hm. That domain isn't on the whitelist for the email address I give out to likely-to-deluge-me-with-spam outfits. Such as ebay. So maybe I got it. Maybe not

      Do what I did. I have my own domain with a respectable e-mail server that automatically blackholes any updates from several of the good Blackhole Sites.

      Computer Redneck
      Did you think a Redneck could support a website? Sure you just need the right number of cement blocks.

  • by raehl ( 609729 ) <raehl311@@@yahoo...com> on Friday December 13, 2002 @04:53AM (#4879048) Homepage
    Citing intellectual property violations, Amazon.com quickly filed a lawsuit in reaction to ebayupdate.com's new website.

    "The one-click credit card number stealing algorithm employed by ebayupdates.com is a clear violation of amazon.com's one click transaction patent," said amazon.com CEO Jeff Bezos in a statement. "Let this be a message to other sites like ebayupdates.com: Amazon.com will not tolerate one-click theft."

    When reached for comment, an amazon.com spokeswoman clarified that amazon.com would not take action against a process that used at least two mouse clicks.
  • by solostring ( 620535 ) on Friday December 13, 2002 @05:10AM (#4879120) Homepage
    If you check out the safeharbour forums on Ebay, this is not a rare occurance. There are many scam sites and spam emails which try to socially engineer credit card info and passwords from Ebay users.

    I really don't know why this particular instance was picked up by the big news corporations....
    • Probably for the same reason that a few months ago there was nothing in the news but incidents of child abductions. There's thousands of kids abducted a year but suddenly it was a hot issue.

      Consider this: It's X-mas time. People are shopping more, online and off. Hey lets do a PSA and boost our ratings.
      The news agency could probably care less, they are just using time and circumstance to thier benefit.
  • Here is the archived ebay response:

    There may have been something else more specific on the main page, but this page is all that seems to be left.

  • I remember back in the days when AOL didn't have unlimited accounts people would phish for credit cards.

    Telling someone that service X has lost their credit card information probably has the same hit rate of any other spam, 1-2%. It doesn't take much to make a lot of money off of stupid people.

    That theory worked years ago, and it still works today. The way I see it, 1 of 2 things needs to happen for this to stop.

    1) Greedy people have to develop some ethics

    or

    2) People have to become less stupid

    Experts predict that either one could happen around, oh, never.
  • Similar PayPal scam (Score:3, Informative)

    by pixelbeat ( 31557 ) <P@draigBrady.com> on Friday December 13, 2002 @05:30AM (#4879175) Homepage
    I just got an identical scam pertaining to PayPal. I was directed to enter info into PayPal scam site [66.187.65.136]
    • Well then, time to have some fun. Everyone run over there and give them som bogus data to play with :).
    • Oh my god.. this one is incredibly bitching! It even tries to get your social security #, maiden name, bank account # and pin .. etc

      with that info some one could rip all your money of your account! thats prety damn rough
      • Oh my god.. this one is incredibly bitching! It even tries to get your social security #, maiden name, bank account # and pin .. etc

        Heh heh. I just filled in some bogus info (had to guess what US phone numbers look like, etc). Is SSN 9 digits long?

        But concider it evolution. Those stupid enough to give their SSN, passwds, pin, account numbers etc deserve to lose.
        • US phone numbers are in the form of 3 digits for area code, 3 digits pefix, 4 digits number. So 800-555-1212 would be a valid US phone number (that one gets you 800 directory information). In the area code 800, 888, 877, and probably a couple other are for toll free, 900 is for toll calls, 700 is phone company type things. Normal area codes are something like 602. In teh prefix field 555 is reserved and only really used for information.

          US SSNs are 9 digits long and are normally seperated as such: 123-45-6789.
        • well they managed to do a semi-decent job making it look like paypal, but who would be stupid enough not to be suspicious when told their home phone will be "Kept Private Kept Private" and see help when entering credit card info for "Using Amex? Using Amex?" and also having to agree to the "User Agreement. User Agreement."

          i can't help but agree that people who fall for something like this deserve it. i refer to things such as this as the "idiot tax."

    • This is for that PayPal scam site. Final results obtained from whois.arin.net.
      Results:
      OrgName: Autobahn Access Corporation
      OrgID: ATOB
      NetRange: 66.187.64.0 - 66.187.79.255
      CIDR: 66.187.64.0/20
      NetName: AUTOBAHN-1BLK
      NetHandle: NET-66-187-64-0-1
      Parent: NET-66-0-0-0-0
      NetType: Direct Allocation
      NameServer: ONE.AUTOBAHN.MB.CA
      NameServer: TWO.AUTOBAHN.MB.CA
      Comment: ADDRESSES WITHIN THIS BLOCK ARE NON- PORTABLE
      RegDate: 2001-11-14
      Updated: 2001-11-14
      TechHandle: AD163-ARIN
      TechName: Dostmohamed, Arif
      TechPhone: +1-204-982-6629
      TechEmail: Arif@autobahn.mb.ca
  • $ host ebayupdates.com
    Host ebayupdates.com not found: 2(SERVFAIL)


    I get the whois record just fine, though.
  • Yet another publicly sponsored Denial Of Service attack by slashdot.

    krystal_blade
    • Yet another publicly sponsored Denial Of Service attack by slashdot.
      I don't know if it's just a denial of service. The nameservers for ebayupdates.com are pointing to DNS servers that refuse to accept requests for the domain. i.e. it looks like their ISP killed them.
  • I got one of these emails in which they claimed that eBay has lost some information and needed me to go to some website and fill in some information about my self.

    I never got that far, SpamAssassin stripped out the HTML and exposed all the real URL's.

    I forwarded the email to eBay.com but I've never heard anything about it. That was before Thanksgiving or earlier. I didn't keep the original email, it served no purpose to me anymore.

    • The terrible thing is that my sister would fall for this. She WORSHIPS eBay and would gladly give them an ovary if they asked. The only saving grace is that she would never figure out how to work a url link. That's above her pay grade.


      She used to forward me every urban legend. I would tell her they were false and she would huff "I'm not going to believe anything I get in email". She fixed the problem by taking me off the forward list.


      I think she gets a virus a week. I'd hate to be her computer tech.

  • by E-Rock-23 ( 470500 ) <lostprophyt.gmail@com> on Friday December 13, 2002 @06:30AM (#4879423) Homepage Journal
    I don't think I've ever seen a discussion here on /. that has spawned so many AC posts. I was going to try and moderate here, but DAMN!

    Now to get myself back on topic. If you use a credit card on ebay, you're insane. Every time I deal on ebay, I only use postal money orders. Period. It's no big thing to go to your local post office to get/cash one. Unless some idiot is counterfitting things [slashdot.org], it's the most secure way I can find to do business on an auction site. And it's not like it's a big pain in the ass, either. Every town has a post office. If it doesn't, the next town over probably does.

    It basically boils down to the fact that these are issued by the government. You'ld have to be insane to want to commit fraud when dealing with PMOs. You either have balls the size of Alaska or a brain the size of the period at the end of this sentance. Using a credit card on ebay is like saying "Hey. Take my valuable information, please!"

    Sites like ebay should also provide an easy-to-access list of 100% trusted partner sites. Just because an URL contains the name "ebay" in it doesn't mean it's alright. Let's face it: apart from we ubergeeks and a small percentage of the non-geek population, most people are just dumb as rocks when it comes to dealing with anything on the net, let alone any form of e-commerce. It should fall upon sites like ebay to educate their users, even just a little bit.
    • by Judg3 ( 88435 )
      You have no choice but to use a credit card if your going to sell something on Ebay. They started forcing people to attach a credit card number to their account as a means of reducing the amount of fraudulent accounts people would set up to scam other Ebay users out of money.
      You don't have to submit the ole CC to buy something, only to sell.
      • You have no choice but to use a credit card if your going to sell something on Ebay. They started forcing people to attach a credit card number to their account as a means of reducing the amount of fraudulent accounts people would set up to scam other Ebay users out of money.
        You don't have to submit the ole CC to buy something, only to sell.

        Older memberships are grandfathered, with no credit card demanded.

        (BTW, it's possible at a local bank hereabouts to purchase (Charter One Bank, and for a short time it's free of charge over the face value) a "temporary" MasterCard "FlexCard" debit card with a fixed face value up to $500 (I believe). I purchased one at the "no-fees" promotional price of only face value specifically to use with a site from which I wished to purchase something without risking the debit card for my main checking account).

    • I would argue just the reverse...the credit card associations (Visa USA and Mastercard Int'l) at least have some protections against one-time and ongoing fraud against their branded cards. Identity theft notwithstanding (since we are already offtopic), it is easier to get your money back from a credit card issuer holding the balance in a computer system then from some faceless jackass holding your cash in his pocket.

      You'ld have to be insane to want to commit fraud when dealing with PMOs. You either have balls the size of Alaska or a brain the size of the period at the end of this sentance

      I would think that to do this stuff in the first place you would fit under one of these categories, no?

    • They have a list of authentic eBay URLs here. [ebay.com]
  • The slashdot audience helps fighting crime
  • by night_flyer ( 453866 ) on Friday December 13, 2002 @07:21AM (#4879615) Homepage
    in fact this is the second such site in two weeks, MSNBC and the BBC both carried these earlier (MSNBC last weekand the BBC early this week)

    If Slashdot is just now getting to this, why bother? I would hope that the users are informed enough already to catch this kind of thing for one as well as reading the mainstream news.
  • Good for us we slashdoted the hell out of them, that will teach them, and I'm sure a visit from the FBI will end this.
  • This kind of stuff is always going to happen. It will never be fixed. The problem is that when you look at has to be done to prevent this, it always ends up at the credit card companies and how they conduct business. They will never fix it. From their point of view, they get a better ROI putting their capitol into other things like giving credit cards to the less credit worthy and money to lobbyists to change the bankruptcy laws so they can screw the less credit worthy, then by preventing fraud. In other words, they would lose money by fighting fraud.


    Now, if somehow fraud was to increase quite dramatically, then you might see this change.

  • I guess the thing is slashdotted or perhaps the "proper" authorties are taking action on it.
    damn, I wanted my credit cards to be raped and pillaged.
  • ebayconfirm.net it's been reported by a friend of mine since they tried to scam him last week.

    fortunately it appears to be down now.
  • What's that you say? Some internet site's giving you trouble? No problem! Post it on slashdot, it'll be gone in no time.....!
  • ebayupdates.com has been slashdotted out of business, maybe we just need to have a daily story about them.
  • I say let's subscribe postmaster@ebayupdates.com [mailto] to a bunch of OPT-in mailing lists. Also, we can also let the credit card companies know that who ever lives at 1742 Bolton Village Lane, Niceville FL 32578 [mapquest.com] is open for receiving junkmail. We should also send qspam52@aol.com [mailto] lots of junk email as well as subscribing it more junk email lists. Though, it would appear that it is just a spam email account someone used. Though we could, however, call 713-552-6332 at all odd times of the day just to bug the crap out of the person. Or better yet, let's just go down there and TP whoever lives at that address and put a bag of crap on their doorstep and light it on fire. :-)
  • I got a spam a few weeks ago, and reported it to the hosting service (who turned off the site relativly quickly). I also emailed news.com, who ran an article about a week later on general ebay identity theft scams. And I also emailed the local ABC affiliate in Dallas. They ended up coming out and doing a story about it and airing it. Here is a link to the transcribed interview. link and the video video [wfaa.com] (real player required) (you probably have to register for the site though). It was also found that the guy that supposidly owns the domain name, had his identity stolen earlier this year.. --Copy of the report ------- Web site designed to scam eBay customers Experts say there are simple ways to protect yourself against similar frauds 11/22/2002 By BRETT SHIPP / WFAA-TV Most everyone has heard horror stories from victims of identity theft. Thieves steal checks or credit card numbers, and go on spending sprees. But now, crooks have concoted a new high-tech plan to put your money in their hands. Imagine a routine check of your computer e-mail. One of the items is a routine-looking message from the on-line auction company eBay. The message reads: "We regret to inform you, but due to a recent system flush, the billing information for your account was lost and cannot be found." To re-register, you are directed to a web site providing a place to again supply eBay with all of your financial information. Chris Pick of Dallas received such a notice just a few days ago asking him for a number of items. "Credit card information, bank account information, pin number, Social Security numbers, address, (and) mother's maiden name," Pick said. But Pick, a computer network administrator by trade, smelled trouble. "This was kind of a double-take for me," Pick said. "Usually I spot these kind of scams a mile away, and trash them, and don't pay any attention." This time he followed his instincts, employed his skills and went to eBay.com to see if his account was still active. It was. "I went and did some more investigating on that site, eBaybillingservice.com, and it turns out they are not affiliated with eBay - it looked like a scam," Pick said. After some research, he discovered ebaybillingservice.com was registered to an address in North Vernon, Indiana - the home of William Flowers who, it turns out, had his identity stolen earlier this year. "The person who called a couple of days ago said the authorities would probably be knocking on my door," Flowers said. "I welcome them with open arms because I want to find out what's going on." What's going on is this: someone has used Flowers' financial information to purchase and establish a Web site, fashion it to look like a genuine eBay site, and fool people into submitting critical financial information. Internet investigator Brian Ingram tracks computer crooks around the globe. "This page was actually quite well done," Ingram said. In this case, he's made important discoveries. "When you access the source code on this e-mail and you do some tracing on it - which is what I specialize in - you can see the e-mail actually originated out of Spain though an internet service provider called Telephonica SA," Ingram said. Tracking the crooks is one thing. Capturing them is another - especially in Spain, where Ingram says the laws are lax. eBay officials are aware of the scheme, and told News 8: "the problem in nailing these guys is that their Web site stays up only a few days and disappears." Ingram said there are some simple ways to protect yourself. "In the address bar of the site that you go to, you should be able to see an "s" behind the 'http'," Ingram said. That means the site's address will begin with 'https://'. "If you don't see that "s", I don't care what's written on the page, it's not secure," Ingram said. Someone's basically copied the source code and hijacked the page." He also said, when supplying financial information on-line, look for the little lock at the bottom of the page, which is your browser's way of telling you the page is secure. Finally, never release financial information in response to an e-mail - it could be an invitation to 'information highway robbery'.
  • Obviously this sort of thing isn't indemic to EBay. AOL has huge problems with people trying to steal their customers credit card info. I'm sure it happens with many companies. The moral is most people seem to be dumb as sheep.
  • It's not such a difficult scam to perpetrate. Swipe ebay's look and feel, stick it up on a site with a similar name, and advertise.
    Ebay is smart enough to cover a lot of their bases, for example, Canadian ebay'ers might be tricked into trying ebaycanada.com, except ebay has already been smart enough to grab:
    ebaycanada.ca
    ebaycanada.com
    ebaycanada.net

    They did miss, however (according to my domain search) ebaycanada.org, but you can't get 'em all.

    All somebody really needs to do is make a duplicate of a common site, or way for a new domain extension.
    ebaysales.com, ebaymarketing.com, they all "sound" like they are affiliated with ebay. If they look the same, how are you to know the difference?
    Incidentally, ebaysales is taken for all the most common extensions except ebaysales.ca

    It's social engineering at its worst. When you see something that looks like it's associated with something else, acts like it's associate, many people just assume "they must be part of the same thing." It's in many ways similar to scams like the "Domain Registry of XXX."

    In Canada, they used marking very similar to the Canadian government to look affiliated, and also wrote their "renewal" letters which lead many people to believe they were affiliated with the original domain provider. Eventually the use of government markings got them nailed, but for every one of these slimey scammers that get shut down, it seems two more pop up.

    Getting this info on slashdot is nice. If the server hadn't already been shut down, a good slashdotting probably would have helped put some sand in the gears.
    • As I've been saying for a long time [dan.info], these scams would be less effective for the scammers, and legitimate sites would be more resistant to them, if companies would stick to using logical subdomains of their main domain for everything they do, instead of using silly marketing-gimmick domains all the time (ebaymotors.com, yahoogroups.com, ad nauseam). They could then tell the public "Don't trust any site that doesn't have a domain ending in .ebay.com; all official Ebay sites use that address."
      • If everyone did it, it would help a lot, though I admit ebay.ca makes sense (as I always check the .ca first for Canadian sites... but perhaps a forward to canada.ebay.com would work as well).
        Even so though, you'd bound to have stupid users who fall for it no matter what the parent company does. And as long as you have foolish users, you'll have somebody trying to make a buck (or a thousand bucks, or several-hundred-thousand) off of them.
  • by aussersterne ( 212916 ) on Friday December 13, 2002 @11:25AM (#4881146) Homepage
    Since the beginning of December alone, I have received four e-mail messages claiming to be from eBay, pointing to various Web sites which ask for credit card or membership information. They all have the following in common:

    1. Partially (but not expertly) forged mail headers.
    2. Web site which looks pretty authentic but isn't hosted at eBay (imagine that!)
    3. A threat of some sort -- "If you fail to verify your information within four days, your account will be suspended."
    4. Grammar or spelling mistakes if you look closely.

    When I got my first couple of these a year ago or so, I dutifully reported the messages to eBay and the abuse@ addresses for the mail server and Web host used in the transactions. But now I receive so many of them, I just ignore them.

    I nope not too many people are dumb enough to fall for this, but sadly, I suspect that some are...
  • by bahr ( 633539 )
    What really scares me about this kind of stuff is that my parents, friends who know little about the net, etc.. are all very vulnerable to this sort of scam. The same may be true of the non-tech types that you know. Those of us reading here won't be suckered, but the scammers only need to succeed against the gullible. For example, I have my folks running a legit copy of winxp home (linux just ain't gonna happen in their case, trust me) and they even get nervous when the Windows Update stuff comes up, since I told them to reject anything that offers to install itself. I told them I'd take care of it next time I visited - roughly once a month I travel back home and we sit down and go through websites so they can get plugins they actually need, and I add names to the list that currently includes Gator, BB, etc of "avoid at all costs". Then I look at the Windows Updates and make sure it isn't that one unsafe one, and install them. My folks are chomping at the bit to explore their computer more and become even more familiar with the net... and they're doing great, especially for people whose VCR used to blink "12:00" after every power outage until my next visit... but the paranoia is preventing them from really embracing the technology. This affects all of us, because the non-tech-savvy around the world have to embrace the technology to some extent in order for meaningful development of new research to take place, for it to be economically feasible at all. As a law student and hopeful future prosecutor, I'll always help any way I can to nail the scam artists, and I'm glad many of you feel the same way.
  • I emailed eBay and Yahoo about these guys last week after receiving the scam the first time. It is very convincing - a very nice mockup of the real eBay site.

    It's a shame that both eBay and Yahoo make it so hard to find a contact address, and that even after I made the efforts they didn't make an effort in return.

  • I got one of these messages referring me to http://ebay-error.tr.cx Now, as you can see, this particular scam artist is trying to capitalise on the trust and respect which netizens have for the .cx domain.
  • by jms ( 11418 ) on Friday December 13, 2002 @02:09PM (#4882588)
    The topic here is a "credit-card theft" scam, which turns out to be much more than that. It's a shining example of the evils of the DMCA!

    The spam I got was more then just credit card theft, it was an attempt at full-bore identity theft! The spam directed the user to a web page that asked for, among other things, my social security number, mother's maiden name, and drivers license number. (see Appendix A at the end of this post)

    On top of that, the spam was encrypted! I tried to look at the source code, but instead found a javascript program, containing a decryption algorithm, and pages and pages of encrypted data. (See Appendix B at the end of this post) The function of this program is obvious. The program overlays itself with the decrypted identity-theft program, then runs it.

    Naturally I didn't fill out the form or click submit once I saw what the web page was, but I did execute the encrypted program by following the link in the email, and I was able to use "View Page Source" to locate and capture the complete decryption algorithm and encrypted identity-theft program.

    This is an interesting situation.

    Here we have a piece of spam containing a Javascript program, which comprises a technological measure that controls access to another piece of either HTML or possibly Javascript (the copyright-protected identity-theft program), which in turn may or may not exploit some netscape or IE bug to steal my personal information.

    Or it might operate at face-value, generating a simple HTML form, collecting field information, and sending the information off to a remote identity-theft collection computer.

    I can't tell without (trivially) bypassing the technological measure, by altering the program to display the plaintext of the identity-theft program
    instead of executing it.

    This technological measure (the javascript program) is obviously designed to prevent me (the intended identity-theft victim) from gaining access to the copyrighted identity-theft program to examine it.

    Therefore, this whole identity theft scam is fully DMCA-protected! It would be a violation of 17 USC 1201(a) for me to alter the decryption program in such a way as to display the identity-theft program (and learn if I was an actual victim or just a potential victim.) It would be a violation of 17 USC 1201(b) for you to post a followup message explaining how to do it. The DMCA provides no exception for potential or actual victims of this sort of spam fraud, or for individuals attempting to aid potential or actual victims of this sort of spam fraud, or for individuals attempting to research this type of fraud.

    So what if I were just to ignore the DMCA, decrypt the identity-theft program and reveal its contents? Obviously, the identity-theft ring isn't going to step forward and sue me, because presumably they are trying to conceal their identities and activities. That doesn't mean that I'm safe though. The problem is that under the DMCA, I would be risking Federal prosecution, even if all I was trying to do was determine whether I was an actual victim of identity theft!

    In reality, I suspect that I would not be prosecuted by the Federal Government in this particular instance, but then who knows these days. The law is supposed to provide equal protection. In this case, not prosecuting me (for discovering for myself whether I was the victim of identity theft) would illustrate the selective enforcement of the DMCA. Dmitry Sklyarov faced prosecution by the Federal Government for bypassing a technological measure controlling access to ebooks, even after Adobe backed away from the lawsuit.
    How am I supposed to know whether or not I would face prosecution for exposing an identity-theft scam? Why should I, or anyone else, take the risk?

    APPENDIX A: Information requested by the identity-theft program.

    Full Name (Include your full middle name)
    Address
    City
    State
    Zip Code
    Phone Number
    Credit Card Number
    Expiration Date
    Cvv2 (Last 3 digits located behind your credit card or (4 digits for AMEX located on the front above your credit card number)
    Bank Name
    Bank Phone Number (Located on the back of the credit card)
    Social Security Number
    Mothers Maiden Name
    Date Of Birth
    Drivers License Number
    eBay User ID
    You can also use your registered email.
    eBay Password

    APPENDIX B: The javascript program itself.

    function process(ar)
    {
    var Stri=''

    var y, z, sum, n, n1, number, j=0
    var key = new Array(25960,31077,121,104)

    n1=4
    for (j=0; j0)
    {
    z-=(y>5)+key[3]
    y-=(z>5)+key[1]
    sum-=0x9E3779B9
    }

    Stri+=String.fromCharCode(y&0xFF)+String.fromCha rC ode((y>>8)&0xFF)+
    String.fromCharCode((y>>16)&0xF F)+String.fromCharC ode((y>>24)&0xFF)
    Stri+=String.fromCharCode(z&0xF F)+String.fromCharC ode((z>>8)&0xFF)+
    String.fromCharCode((z>>16)&0xF F)+String.fromCharC ode((z>>24)&0xFF)
    }
    document.write(Stri)
    Stri=''
    }
    }

    function start() {
    var ar=new Array()
    ar[0]=new Array(-476521852,-2058851006,-25665082, ... ,29762809)

    ... (the encrypted data stream is very, very long) ...

    ar[13]=new Array(-575491891,665716493, ... ,1125967000)
    process(ar)
    }
    start()


    (I had to alter the spacing of the "Stri+=" lines because of the lameness filter:
    Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted.
    Also, slash appears to have inserted a space in the second "fromCharCode" in each line that isn't really there. Whatever.)
  • What if a credible source send out a mass-mail to ebay users, trying to get them to re-enter their information. When they hit the submit button, give them a huge, easy to understand lecture on how they could have been easily duped into giving up invaluable information. Yes, it's unsolicited, and probably will raise some eyebrows with the feds, but how many susceptible people would be taught a valuable lesson?
  • The posting of the domain name on slashdot is being challenged in court as a vigilate attempt to shut down the operation...
  • "Obviously, a major malfunction has occurred."
    -- Steve Nesbitt, voice of Mission Control, January 28,
    1986, as the shuttle Challenger exploded within view
    of the grandstands.

    - this post brought to you by the Automated Last Post Generator...

Trying to be happy is like trying to build a machine for which the only specification is that it should run noiselessly.

Working...