Scamming Ebay Ratbastards from Hell

[polksda]

These slimeballs are good.... really good.

Headed to the CD category on Ebay. The first listing below looked bizarre (image blurred for decency purposes).




Being curious, I clicked on the auction link and ended up at the page below:




Now, this took me aback for a second, and then I saw the URL in the address bar.

The bastards have programmed a redirect into their auction text.

I was able to do a "Save Link As..." and save the source code for the listing page. It's actually plain HTML, part of an IMG tag:

<img src=http://pics.ebaystatic.com/aw/pics/s.gif onload=location="http://holaamigo.50megs.com/main.html">

Hopefully Ebay will implement some parsing to eliminate this loophole.

Be careful out there folks...

[And yes, I reported it to Ebay immediately]

[wingnut4772]

Wow. That's actually pretty smart on their part. I hope they get caught.

[Shizelbs]

Have fun in prison *******s.

[neomagus00]

i've never actually seen phishing in action... thanks for the tip!

[polksda]

Have fun in prison *******s.

I doubt that anyone will be caught, let alone be punished.

If you look at the URL, it's hosted at 50megs.com, a free hosting site. These pricks set up an account, use it to glean information until the account is shut down, then they move on to another host.

I've reported email-based phishing scams to several free hosts out there that have been hosting these criminals, and the free hosts don't care. I suspect that some of the free hosts (or staff members) are in cahoots, given the lack of action...

[bobman1235]

Email based phishing is one thing. Actually hosting it on eBay's site might piss them off to make them pursue it. How far they'll get is another story, but technically they coudl get the FBI involved.

[Shizelbs]

[QUOTE=polksda]I doubt that anyone will be caught, let alone be punished.
[QUOTE]

I doubt it also, but you never know. I certainly hope so though.

[MacLeod]

Forgive my obtuseness, but is the scam where you click on the auction and are directed to their phony login screen and when you try to log in they have your name and password?

[Tour2ma]

EDIT: That's pretty much it, Mac...

Love how the scammers never have learned how to spell...

Anyone else been getting those "ebay" phish-mails that look like an ebay message and start with something along the lines of:
"I need to hear from you about the 'such and such' that I won in your auction #123456."

[MacLeod]

Yikes!

Ive had one of those only once so far back when I was on AOL a couple years ago. I got an email telling me my AOL account was about to be canceled due to a credit card being declined and I had to re-enter all my stats. The link took me to a website that looked identical to AOL's and asked for passwords, credit card numbers and the whole shebang!

I didnt trust it so I called AOL and asked them and she said it was definitely a scam and got all the info and said their security department would look into it.

It looks like their getting better with these scams. I wonder how many poor saps got suckered into this one?

[Polkersince85]

If you have any doubts, change your passwords to make things hard for them. Stay ahead of them and watch the URL's.

[neomagus00]

even the URLs aren't a sure thing, unfortunately... a clever programmer can hide those, too, which is really frightening...

i personally have all my websites remember me with a cookie (with appropriate security settings, naturally)... that way, it logs me in automatically, and if i see another login screen after that it makes me suspicious by default...

[Polk65]

The sad part is, it was probably done from an internet cafe via proxy.

It's a bold scam and a reminder not to surf the internet high. :)

[Moreants]

I keep this as a notepad file on my desktop. Just open the file and copy and past this text in the url box to confirm the actual site.


javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");

[mldennison]

thats a great little piece of code! thanks!

[Tour2ma]

That is pretty cool... I wonder why ebay and others sites that are heavily spoofed don't advertise this code's existence?

On the other hand, according to it, this Polk Audio page is a possible spoof... but then I guess we knew that... ;)

[bobman1235]

On the other hand, according to it, this Polk Audio page is a possible spoof... but then I guess we knew that... ;)

It's just the root (the www.polkaudio.com part) that is supposed to be compared... I get that being the same... so Polk isn't a possible spoof. It's just checking the host name, not the entire URL.

[1996blackmax]

These kind of people really get under my skin......