Another Sort of Ebay Phishing Fraud

bmattock

bmattock

Veteran
Local time
10:18 PM
Joined
Jul 29, 2003
Messages
10,654
Location
Detroit Area
View My Gallery
Just FYI - this one actually caught my attention for a few moments until I figured out that it was fake. Please, please, please - DO NOT CLICK ON LINKS IN EMAILS!!!


eBay Unpaid Item Strike Received: #5786954683

You have received an Unpaid Item strike

You were the winning buyer on eBay item #5786954683, DKU-5 USB CABLE for NOKIA 6610i . The seller, t-dimension1 has informed eBay that payment for the item has still not been received, or that the two of you were not able to come to agreement. As a result, you have received an Unpaid Item strike.

Remember, Unpaid Item strikes may result in your suspension from eBay.

You can appeal this Unpaid Item strike if you believe it is not deserved. First, read the requirements for appealing the strike. If you meet them, you can submit your appeal on that page. If your appeal is successful the strike will be removed.

If you have recently paid for the item number listed below or do you feel it to be a mistake, you can Remove the Unpaid Item Strike Now.

Regards,
The eBay Team
Click to expand...


The link in question does NOT GO TO EBAY. It goes to:

iqnet6.cli.rdspt.ro [81.196.121.135]

This is NOT ebay, it is in Romania, and it is run by crooks. They set up a web page that LOOKS like ebay's, but they ask you to "log in" with your user name and password. And then they use that to run fraudulent ebay auctions with YOUR NAME and feedback. By the time you figure out that you've been 'selling' on eBay, you're getting a visit from the FBI for investigation of fraud.

DO NOT CLICK ON LINKS IN EMAILS - EVER!

Best Regards,

Bill Mattocks
 
I get similar emails about once every 2 or 3 days.. and the latest is one where they say there was some sort of unathorized activity on your account.. "please click here to log in".. same thing for paypal

there are entirely too many scumbags out there trying to take your money
 
Brett,

I get those too - but this one was the first 'unpaid item strike' message I've gotten, so I thought I'd post it. Just looks somewhat different from the rest - a bit more 'authentic' looking, even though I *never* click on links in email.

Just trying to pass it along. I'd shrug and figure ever buddy knew about it by now - but we keep reading posts by people who got zapped, so I presume many have not read or heard about these scams yet.

Best Regards,

Bill Mattocks
 
It was heartening last week to get email, click on the redirect (on a computer I have that has no personal information) and be directed to a phishing site that had already been shut down.

In other words, before I even got out to the site, someone else had reported it and the ISP had shut 'em down. First time that had happened.
 
Good word, Bill. I don't like to retaliate, but sometimes I really want to teach those "phishermen" a lesson.....But then I realize - I don't have time. 🙂
 
I think it is quite common for people to send spool email faking it is from eBay or something. Two weeks ago I got a spoof telling me I have to pay an unpaid $1800 lawn mower from eBay. There is a link from the eBay website to report spoof email and you should let eBay know.


Flowen
 
I have lost count of how many scam messages I get with either Ebay or Paypal allegedly asking for personal information. The big problem is that I get the Ebay ones at an e-mail address which does not associate with any Ebay account, and I don't have a Paypal account.

I also get countless attempts which appear to be from banks with whom I've never had an account. I don't click on them. Yes, I'm sure that the responsible web providers shut these down as fast as they are reported.

It's too bad that Ebay (and the web in general) has become such a haven for such con artists. 🙁
 
I got a PayPal phishing e-mail today on my state government e-mail address. It's amazing the energy these people put into crooked schemes. If only they would use their knowledge and time for good.

Brian
 
Wow, Natalia goes iPod, a nice red one! Happy with it?

To the subject, I got an email from Western Union: 'Re-submit your account information' including passwords etc. I never liked that organisation, but this proves it again...
Maybe their question was semi ligit, but it is too much data for them, not from me!
 
laptoprob said:
I got an email from Western Union: 'Re-submit your account information' including passwords etc. I never liked that organisation, but this proves it again...
Maybe their question was semi ligit, but it is too much data for them, not from me!
Click to expand...
Rob, your email was most certainly not from Western Union; a typical phishing expedition! Not legit at all... WU surely will never request submitting account info.
 
Whois has started ...

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '81.196.121.128 - 81.196.121.255'

inetnum: 81.196.121.128 - 81.196.121.255
netname: RO-Aprov-PITESTI
descr: S.C. Aprov Grup Serv S.A.
country: RO
admin-c: BC469-RIPE
tech-c: BC469-RIPE
tech-c: RDS-RIPE
status: ASSIGNED PA
mnt-by: AS8708-MNT
mnt-lower: AS8708-MNT
source: RIPE # Filtered

role: Romania Data Systems NOC
address: 71-75 Dr. Staicovici
address: Bucharest / ROMANIA
phone: +40 21 30 10 888
fax-no: +40 21 30 10 892
e-mail: contact-tech@rdsnet.ro
admin-c: CN19-RIPE
tech-c: CN19-RIPE
tech-c: GEPU1-RIPE
nic-hdl: RDS-RIPE
mnt-by: AS8708-MNT
remarks: +-----------------------------------------------------------+
remarks: | ABUSE CONTACT: abuse@rdsnet.ro IN CASE OF HACK ATTACKS, |
remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. |
remarks: +-----------------------------------------------------------+
source: RIPE # Filtered

person: Bold Cornel
address: Aleea Razboieni, Nr. 20 bis.
address: Pitesti, Arges
phone: +40-248646811
fax-no: +40-248646811
e-mail: biff@xnet.ro
nic-hdl: BC469-RIPE
mnt-by: AS8708-MNT
source: RIPE # Filtered

% Information related to 'RDS-RIPE'

route: 81.196.0.0/16
descr: RDSNET
origin: AS8708
mnt-by: AS8708-MNT
source: RIPE # Filtered
 
hmm, it's quite amazing what that program can do, popeye.
The address can very well be valid, as well as the phone number looks real. It's a guy probably a worker using the resources of a company (S.C. Aprov Grup Serv S.A.
, also indicated by existence of a fax no.) for this stuff.
 
I always log into those phishing sites and enter a phony username and password, usually with something like "hey a**hole, *bay is gonna nail yer a**" or something more extreme, depending on my mood. Then I forward the fake mail (with extended header) to spoof@ebay.com.
 
Pherdinand,

The loverly GUI interface of Network Utility makes all those Unix chores too easy.

It's possible that a zombie is hosting the site without the owner's knowledge.

And yes forwarding *Bay the msg is the best bet (instead of doing a dd0s or mail b0mb!ng oneself... ;p)
 
You must log in or register to reply here.
Back
Top Bottom