Bunch of Phony Leica Auctions

Stu W

As per Bill and others, don't click on this site! This guy has 2 pages of high end stuff for sale, and as per Bill just clicking on it can hijack your account. The seller is 33rence and the preview pic is a red arrow. Stu
These are great. Here is one link by this seller.
http://cgi.ebay.com/Leica-M6-Titan-...Z4879386760QQcategoryZ306QQrdZ1QQcmdZViewItem

All the others are just as phony. 100% positive feedback too.
 
It is not just phony - it is full of hijack attempts. Do not look at this auction or you may have real problems. Using Linux kept my browser from being attacked. Do not go here. Do not click on the link above.

Best Regards,

Bill Mattocks
 
Sorry, had to leave the house for work, didn't mean to leave you guys hanging. The auction is not like any I've seen before - it seems that the entire top of the web page has been overlaid with a JavaScript frame that is simulating the eBay functions - you actually get the popup email if you click anywhere on the whole top of the page. I only figured this out because with Firefox / Linux, you get a dotted line outline of the JavaScript overlay. My guess is that this is either a test or it was a failure - not much danger in having an email window pop up that I know of - unless it is MS Outlook specific and has run a macro on your Outlook, in which case you may have got a dose, mate. I'd run a virus check on your PC if you have a virus checker (and if not, shame, shame).

This is fiendish and really quite clever, it makes me very nervous. Took some serious programming effort to do this.

My best advice is now that the auction has been identified, notify eBoy and don't click on this auction - anywhere on it.

Best Regards,

Bill Mattocks
 
The link is still clickable.
I would think his real attempt will be for you to click on the sign in button in order to bid. After all, since it really is on the auction site that's the last place you would expect to be directed to a phony sign-in page.
 
Nick R. said:
The link is still clickable.
I would think his real attempt will be for you to click on the sign in button in order to bid. After all, since it really is on the auction site that's the last place you would expect to be directed to a phony sign-in page.

That was my thought, but the link (which is the whole top of the page, not just the 'see my other auctions' line) only pops up the email sender, which I am guessing means the link is a 'mailto' protocol and not a 'http' protocol. But if so, it had to have been a mistake on the part of the scammer - they would have intended to redirect you to a phony 'login' screen somewhere.

OR....

If the JavaScript had run the way the scammer intended, it may have been meant to display a phony login screen as an overlay to the overlay already being displayed (remember, the entire top of the screen is now fake), so even the most paranoid would think it was a 'real' login screen. Then it would invoke the emailer silently to email the user name and password back to the scammer. Just a guess, I did not trap the code and don't have the time to take it apart anyway.

In any case - dangerous. I recommend staying away.

Best Regards,

Bill Mattocks
 
I still wouldn't recommend trying it but I suspect it might be something simpler. The seller gets you to send an email and then he offers to sell off line and you will start getting spammed out of existence. It's another variation on the "you must email me direct before you bid or I will remove your bid" theme.

Kim
 
Kim Coxon said:
I still wouldn't recommend trying it but I suspect it might be something simpler. The seller gets you to send an email and then he offers to sell off line and you will start getting spammed out of existence. It's another variation on the "you must email me direct before you bid or I will remove your bid" theme.

Kim

A lot of work to create a complete overlay written in JavaScript to fake the top half of an eBoy auction, just to collect an email for spamming purposes. I'm not saying it could not happen, just comparing the sophistication of the attack to the anticipated results.

Best Regards,

Bill Mattocks
 