New EBay scam, it's a good one!
New EBay scam, it's a good one!
I typically get emails from EBay concerning questions about items I have for sale. The scammers have duplicated that page now. When you respond and log in they have your user ID. You will not be able to get you answer to go anywhere when you hit try to send it!
Next day I had a confirmation of a listing for motorcycle! Odd ad, you could not bid without contacting his AOL address, or he would remove the bids
Well, got it all resolved now. Passwords changed with the help of my son. He just got out of the Air Force after ten plus years working on networks!
As well as my computer is protected and updated (Norton, Sygate Firewall, Spybot, etc) a worm was in my computer allowing backdoor access. They could have been using a keystroke logger and gathering all my personal info!
Casey showed me that in less than 2 seconds he could pull every password out of my computer with a program just like the hackers use. A password with just letters and numbers is easy to crack. He recommends:
Upper and lower case letters numbers
!@*&^%$, type characters. These take linger to crack and they will give up, afraid that they will be noticed working in the background.
Where are these guys from? India, Pakistan, you name it. He watched a video in the Air Force where they interviewed one of these hackers. He said he may go a week with no luck and then hit a computer that will make a years income for him!
Watch out!
Next day I had a confirmation of a listing for motorcycle! Odd ad, you could not bid without contacting his AOL address, or he would remove the bids
Well, got it all resolved now. Passwords changed with the help of my son. He just got out of the Air Force after ten plus years working on networks!
As well as my computer is protected and updated (Norton, Sygate Firewall, Spybot, etc) a worm was in my computer allowing backdoor access. They could have been using a keystroke logger and gathering all my personal info!
Casey showed me that in less than 2 seconds he could pull every password out of my computer with a program just like the hackers use. A password with just letters and numbers is easy to crack. He recommends:
Upper and lower case letters numbers
!@*&^%$, type characters. These take linger to crack and they will give up, afraid that they will be noticed working in the background.
Where are these guys from? India, Pakistan, you name it. He watched a video in the Air Force where they interviewed one of these hackers. He said he may go a week with no luck and then hit a computer that will make a years income for him!
Watch out!
-
- Posts: 1126
- Joined: 16 Nov 2001 1:01 am
- Location: munford, tn 38058
your right ken; i sell and buy alot of stuff off e-bay so it took me a while for me to figuer it out. bad thing is that once they've got you, you have to change your password and sometimes screen name. i've been told buy e-bay that they have a machine that counts your key strokes when you log in and return there e-mail, its bad but i've limited my number of items i sell at one time and keep track of the real buyers.
its just the world we live in these days
its just the world we live in these days
Bob, I was not sure where to post this. Please move if not appropriate here.
From now on I will trash all emails from Ebay and PayPal. I will log into the sites to check for real activity.
Here is another wonderful one that Alltel.net is warning about!
W32/Mytob-FA is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FA spreads through email. W32/Mytob-FA harvests email addresses from files on the infected computer and from the Windows address book. Email sent by W32/Mytob-FA has the following properties:
Subject line:
*DETECTED* Online User Violation
Email Account Suspension
Important Notification
Members Support
Security measures
Warning Message: Your services near to be closed.
You have successfully updated your password
Your Account is Suspended
Your Account is Suspended For Security Reasons
Your new account password is approved
Your password has been successfully updated
Your password has been updated
Message text:
Dear user <string>,
You have successfully updated the password of your <string> account.
If you did not authorize this change or if you need assistance with your
account, please contact <string> customer service at: <string>
Thank you for using <string>!
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
Dear user <string>,
It has come to our attention that your <string> User Profile ( x ) records are
out of date. For further details see the attached document.
Thank you for using <string>!
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
Dear <string> Member,
We have temporarily suspended your email account <string>.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due
to an internal error within our processors.
See the details to reactivate your <string> account.
Sincerely,The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
Dear <string> Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages
during the recent week. If you could please take 5-10 minutes out of your
online experience and confirm the attached document so you will not run into
any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your
membership.
Virtually yours,
The <string> Support Team
+++ Attachment: No Virus found
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
In the above message text samples <string> would be replaced with text aquired from the harvested email addresses.
The attached file consists of a base name followed by the extensions CMD, PIF, SCR, EXE or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is BAT, CMD, PIF, SCR, EXE or ZIP. The base filenames are randomly chosen from:
accepted-password
account-details
account-info
account-password
account-report
approved-password
document
email-details
email-password
important-details
new-password
password
readme
updated-password
From now on I will trash all emails from Ebay and PayPal. I will log into the sites to check for real activity.
Here is another wonderful one that Alltel.net is warning about!
W32/Mytob-FA is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FA spreads through email. W32/Mytob-FA harvests email addresses from files on the infected computer and from the Windows address book. Email sent by W32/Mytob-FA has the following properties:
Subject line:
*DETECTED* Online User Violation
Email Account Suspension
Important Notification
Members Support
Security measures
Warning Message: Your services near to be closed.
You have successfully updated your password
Your Account is Suspended
Your Account is Suspended For Security Reasons
Your new account password is approved
Your password has been successfully updated
Your password has been updated
Message text:
Dear user <string>,
You have successfully updated the password of your <string> account.
If you did not authorize this change or if you need assistance with your
account, please contact <string> customer service at: <string>
Thank you for using <string>!
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
Dear user <string>,
It has come to our attention that your <string> User Profile ( x ) records are
out of date. For further details see the attached document.
Thank you for using <string>!
The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
Dear <string> Member,
We have temporarily suspended your email account <string>.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due
to an internal error within our processors.
See the details to reactivate your <string> account.
Sincerely,The <string> Support Team
+++ Attachment: No Virus (Clean)
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
Dear <string> Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages
during the recent week. If you could please take 5-10 minutes out of your
online experience and confirm the attached document so you will not run into
any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your
membership.
Virtually yours,
The <string> Support Team
+++ Attachment: No Virus found
+++ <string> Antivirus - [url=http://www.<string>]www.<string>[/url]
In the above message text samples <string> would be replaced with text aquired from the harvested email addresses.
The attached file consists of a base name followed by the extensions CMD, PIF, SCR, EXE or ZIP. The worm may optionally create double extensions where the first extension is DOC, TXT or HTM and the final extension is BAT, CMD, PIF, SCR, EXE or ZIP. The base filenames are randomly chosen from:
accepted-password
account-details
account-info
account-password
account-report
approved-password
document
email-details
email-password
important-details
new-password
password
readme
updated-password
As you state, Ken, since it is difficult to ignore such dire notices, even knowing the kind of bogus stuff that is circulating, you MUST delete the emails, unopened and then go to the site in question--ebay, paypal, your bank, whatever, directly through your browser/bookmarks and look for notices and announcements there. Log in and if they havew any issues with your account they will tell you then and there.
Like I say, it's hard to ignore warnings like these fake emails use--that's why the scam works. But just like if someone called you up and wanted some confidential info from you, you would at least tell them that you were going to hang up and call their office to continue the conversation, thus verifying their identity.
Like I say, it's hard to ignore warnings like these fake emails use--that's why the scam works. But just like if someone called you up and wanted some confidential info from you, you would at least tell them that you were going to hang up and call their office to continue the conversation, thus verifying their identity.
-
- Posts: 31
- Joined: 16 Nov 2005 1:01 am
- Location: Maryland, USA
- Contact:
To be fair, this isn't an eBay problem. The problem of "phishing" for information has been a serious one for several years and it seems to be increasing these days. The spam and phishing filters that are now part of most email packages seem to help, but some will still get through. You should never go to a link in an email message, or open an attachment, unless you were expecting it and have reason to believe it's authentic. The other major issue is with some web sites that are hacked and have errant code on them, but that's another problem.
There was a reference to "Key Loggers", which are small programs that can monitor your key strokes and then send them to someone in a mail message. These are a standard building block in the hacker's software kit, and the most famous was a trojan that was installed behind the scenes and waited for you to type a specific bank name. Once you typed that name it logged your key strokes for 90 seconds and sent the file home to mother. Their hope was to catch your login information as you go to the bank's web site.
There's a constant battle for everyone's identity on the Internet these days. All we can do is play safe and keep our heads low.
Steve
There was a reference to "Key Loggers", which are small programs that can monitor your key strokes and then send them to someone in a mail message. These are a standard building block in the hacker's software kit, and the most famous was a trojan that was installed behind the scenes and waited for you to type a specific bank name. Once you typed that name it logged your key strokes for 90 seconds and sent the file home to mother. Their hope was to catch your login information as you go to the bank's web site.
There's a constant battle for everyone's identity on the Internet these days. All we can do is play safe and keep our heads low.
Steve
-
- Posts: 4470
- Joined: 30 Jan 2002 1:01 am
- Location: Lake Charles, LA, USA
Got Hit one time Got Lucky only because I had to go to my ebay a couple minutes later and found that my password was no longer any good . Had to go in and change my info again.
If you click on an ebay link and it ask for any info out of the normal cut & run
------------------
Daniel J. Cormier Whatever D-10 I happen to have at the moment.
EVans FET 500 LV ,ProFex II
http://www.cajunsteelguitar.com email at djcormier@cox-internet.com
If you click on an ebay link and it ask for any info out of the normal cut & run
------------------
Daniel J. Cormier Whatever D-10 I happen to have at the moment.
EVans FET 500 LV ,ProFex II
http://www.cajunsteelguitar.com email at djcormier@cox-internet.com
- Ernest Cawby
- Posts: 3716
- Joined: 6 Aug 2003 12:01 am
- Location: Lake City, Florida, USA, R.I.P.
- Contact:
- Colm Chomicky
- Posts: 2476
- Joined: 11 Mar 2003 1:01 am
- Location: Kansas, (Prairie Village)
- Contact:
- Robert Leaman
- Posts: 585
- Joined: 21 Feb 2006 1:01 am
- Location: Murphy, North Carolina, USA
Since I installed Zone Alarm Security Suite, there are NO open ports on my computer. Steve Gibson's probe program, ShieldsUp, reports that my computer does not exist on the internet. I have no spyware, no adware, no viri, no trojans, no key loggers, etc. Yes, I receive spam and attempts to defraud but their headers tell me where to report those attempts. One good place to send things is www.uce@ftc.gov. Any thing that purports to be PayPal is sent to spoof@paypal.com complete with the header. I send some response and include copies to every abuse@anyISP.com that I can. Since I am retired with little or nothing to do and all day to get it done, it gives me a sort of perverse pleasure.
Note! I do not, repeat DO NOT, run MacAfee or any other security program such as Symantec (Norton). I expect that some will dispute this but, as always, there is no accounting for taste and/or substitute for success.
Note! I do not, repeat DO NOT, run MacAfee or any other security program such as Symantec (Norton). I expect that some will dispute this but, as always, there is no accounting for taste and/or substitute for success.
- Al Terhune
- Posts: 1085
- Joined: 8 Nov 1999 1:01 am
- Location: Newcastle, WA
Happened to me about a month ago! I was so pissed because I never fall for that crap, but when you've got someone inquiring about something you're selling, as said above, you let your guard down. It took me about two minutes to figure out I got screwed, so I went in and changed my ebay AND paypal passwords. Pretty tricky!
Al
Al
- Richard Sinkler
- Posts: 17067
- Joined: 15 Aug 1998 12:01 am
- Location: aka: Rusty Strings -- Missoula, Montana