Fraud Through Ebay !

[cyanide]

Hi Everyone,

The other day had a new client sign up for a hosting account. This person had 'ebay' within their domain name. I thought it was a bit weird, but figured it was a hard-core Ebay seller or something.

Well, last night we received a call from someone that received an email that traced back to us. (see below) We found out after that the domain didn't even exist and this person was using our Ip address to link to, like this 123.123.123.123~ebay/

Ofcourse we immediately suspended the account

Here's an excerpt:
---------------------------------------------------
From: service@ebay.com
Sent: Thursday, August 21, 2003 10:14 PM
Subject: eBay Account Error -- URGENT
Dear eBay User,
During our regular update and verification of the accounts,
we couldn't verify your current information.
Either your information has changed or it is incomplete.
Please update and verify your information by signing in your account.

If your account information is not updated within 5 days,
your access to bid or buy on eBay will be restricted.

please go to the link below and enter the information required:
http://www.ebay.com/acounts/member/.../?dll87443%2213
(of course this link really pointed to the Ip address)

*** Please Do Not Reply To This E-Mail As You Will Not Receive A Response ***

Sincerely,
eBay Account Review Department
----------------------------------------------------

To all:
Please Beware !!

We are investigating.

To all web hosts:
Every had something like this happen ?
If so, what did you do about it or how did you handle it ?

[t94xr]

they all get caught out in the end :D

although i must say that one had a bit of thought into it. Most just post fake auctions and run.

[ojo4max]

Sounds like he was trying to use your hosting company as a relay server, probably for bulk emails. He could sent emails that looked like they are coming from Ebay, requesting people to send more info like CC# or banking info. We had something like that happen to us a few years back and reported it to the FBI. They found whoever was doing it and stopped it. Of course today they have bigger fish to fry than this kind of petty stuff. Now that you know what to look for, you should not have to much trouble spotting the next one. Good luck to you...

[CCollins]

I am in the web hosting business but I screen each customer so this does not happen. Not looking for lots of customers, just good ones.
But regarding this type of problem. It is an email scam so most people will get the message if they have an email account. I have also received them supposedly from PayPal and some others that I did not have an account with (sorry, I forget who they were). In the case of PayPal, they have put a page on their web site where you can send the email header information to them. They are actively pursuing these criminals. Both the ebay and PayPal situations have been in newspapers and TV.

They give word to the wise: No legitimate online business will ever ask you to confirm account information with an email linked to a site/page. If you receive such a request, go to the real web site and contact them through their contact system and ask if they sent the request. If they did, shame on them. Tell them to stop. If they didn't, give them the information so they can take legal action.

Thank you for bringing this to our attention and keep up the good tips.

[mrbuyout]

I found one of those links on my forums this morning.It was DELETED!!!!

[soulint]

I keep getting emails every few months from Godaddy telling everyone in their db that someone has been trying to pull something like this off and that we should not give any kind of personal information by email.
I am in the hosting business as well and I have been on the look out for these guys. I hear that they are now moving to hosting companies outside but around the US (backbone stuff) like bahamas or costa rica. I understand they host a few redirect pages on these servers (bahamas etc.) set a landing page or a small site on an other server in asia.
So they would use their ebay (or godaddy or whatever) email account in asia but still use your server (if you are in bahamas etc) for redirects. So they evade the federal law and the spam cops and ebay etc ect etc.
Just thought it was interesting...

Farhad

[bboss]

Hello,
Though I am no techno-junkie, or super-cyber kid, I am an old-timer to Ebay and the buying side of their auctions, which means that my Ebay ID was my email address. Well, when you add this to an evil minded & penny pinching techno, who simply searches Ebay for Email ID's and then assumes that he "forgot", then "changed" his password... WWHAA-LLAA!! Easily cyber-jacked account.

Luckily, I noticed the automated emails from Ebay, stating I "forgot my password", and the others as soon as they were out. Which I promptly forwarded to Ebay at the address they note for "If you or someone you authorize did not make this change...". After noticing, notifying, and not getting a "real" responce till the next day, the evil techno had listed over $200.00 worth of listings on my account!

Some of the email from Ebay regarding the situation is included below, as well as some of their advise...

______________________________

Subject: Re: TK91014 Your recent email to eBay's Trust and Safety Department. From: eBay Customer Support <password@ebay.com>

Hello,

Thank you for writing in with your concern.

It appears that your account was taken over by a third party in order to list items without your authorization. Fortunately, we were able to end
these listings without incident. At the time the listings were ended, all associated fees were credited to your account.

The email address on your account was changed, which is why you did not receive notification of the items listed. We have restored the email address on your account at this time. Please be aware that after an
email address is changed, our system automatically records and saves the previous address for a period of 30 days. Although your account can be located in a search using the address registered by the unauthorized party, this does not indicate that he or she has access you your account. Our system does not allow us to completely remove this address
from our records; however, after the 30-day period expires, the previous address will no longer appear on your account...
When we change a User ID, we do so in order to help ensure that an account is secure. We have found that members who have registered their email address as their User ID are more susceptible to unsolicited email messages as well as attempts to tamper with an account. For this reason, we no longer permit members to register with a User ID that is the same
as his or her registered email address and we cannot change a User ID to an email address.

Let me suggest a few ways this take-over could have occurred:

First, there have recently been a number of email messages sent to eBay members asking for User IDs and passwords. These messages appear have been sent by eBay Support when they were not. eBay will never ask for sensitive information of this nature via email.

Second, if you use a fairly simple or easy-to-guess password, it's possible someone could have guessed it after repeated attempts. For this reason, it's important to use a password that uses a combination of letters and numbers, making it very difficult to guess. The same applies for the password hint question. It's also important to use different
passwords for the various online accounts you use (email, PayPal, etc).

Finally, there are a number of computer viruses in circulation that log and record keystrokes. It's recommended that computer users keep their virus alert software up-to-date, and check their system often for problems. A firewall for high-speed Internet users is also highly recommended. More information about steps you can take to protect you
computer against viruses can be found at the following address:

http://www.techtv.com/callforhelp/ho...000006,00.html

Again, thank you for taking the time to write. I appreciate your continued help in keeping eBay a safe and fair place to trade!

Regards,

Tabitha
Fraud Prevention Group

_____________________

Now besides these, I have ended my direct pay option with ebay, opting for the one-time pay, and closed my Ebay Sellers Assistant Program, which required the direct pay option. If there are any other measures I should take, please let me know!!

Thanks, and good luck in the world wide spiders web of information!!

[amateurseoguy]

I had a similiar experience with Ebay. Except I was on the buying end of a frauded auction. I requested the sellers information and email address and it all looked legit. I won the auction, sent the money and never got the item. Right after I sent the payment I had a bad feeling and it turned out I was right. I ended up getting screwed out of almost $900 but finally recovered $175 back from Ebay from their Fraud department. A small amount to be repaid considering the amount lost. I will no longer do any business with Ebay and will be de-activating my account as soon as I get a check.

[cyanide]

ojo4max:

Quote:

Sounds like he was trying to use your hosting company as a relay server, probably for bulk emails.

nope. we thought that at first as well. As it turns out, the email ip address originates in Asia

CCollins:

Quote:

I am in the web hosting business but I screen each customer so this does not happen.

So how do you screen them ? Do you call ?
What if you get no answer ?
We have credit card fraud-detection and this one went through without warning.

Anyway, round 2 ... He's at it again !

[OutsourcingDoug]

Ah ha! The too good to be true auction.
ALWAYS PAY WITH CREDIT CARD.

[ours1]

HI!

I;m bew to WPW and I'm really interested in Ebay & Ecommerce....

this thread is very interesting!....(and distubing)

are there any websites out the re that can give me more info on this topic

thanks!

Ivan

[OutsourcingDoug]

And remember, the biggest scam on eBay will eventuallly be pulled by a super duper powerseller gone bad. Also, did you know that there is a black market for "perfect" feedback records? $1 each. yeah sure, you are not allowed to sell your eBay id.. mmm hmmm.


Enjoy your day!

(ebay ID Axzar3000)

[Tamelyne]

I got a similar e-mail a couple of years ago claiming to be AOL and wanting updated credit card info. It had their logo and everything, but I had seen warnings about emails like that, so I called AOL. It wasn't them and they just said "forward it to us" which involved a search in their keywords and help screens to find out how! I never heard anything more about it, but luckily I had been warned so I didn't get scammed.

One other thing that's important is when you're ordering over the internet, never give your credit card info on a page that isn't a secure server. I did once and my card number got jacked. Now I always check to make sure it's "https" not "http". One of my vendors uses a pop-up window shopping cart with no url so I had to right-click and get the properties in order to find out it wasn't secure. Now I make them call me to finalize the order and get my card info.

Tammy

[shaz1104]

hi for the person who was intrested in ebay i sell on ebay and do very well no not ripping people of im not like that i started selling on there now i have my own web site selling the same i still sell on ebay as its good for my buisness hope this helps.
i will say dont just expect things to sell just like that it takes time my feed back has only just got above 50 and im now finding more people are trusting me as a seller .

[asianwebmaster101]

Quote:

Originally Posted by soulint

I am in the hosting business as well and I have been on the look out for these guys. I hear that they are now moving to hosting companies outside but around the US (backbone stuff) like bahamas or costa rica. I understand they host a few redirect pages on these servers (bahamas etc.) set a landing page or a small site on an other server in asia.
So they would use their ebay (or godaddy or whatever) email account in asia but still use your server (if you are in bahamas etc) for redirects. So they evade the federal law and the spam cops and ebay etc ect etc.
Just thought it was interesting...

Farhad

Unfortunately there is nothing we can do if this is done overseas. Just need to implement additional safeguard measures if you are in the hosting business.

[djrunnels]

Quote:

Originally Posted by cyanide

Dear eBay User, During our regular update and verification of the accounts, we couldn't verify your current information. ...your access to bid or buy on eBay will be restricted. please go to the link below and enter the information ...*** Please Do Not Reply To This E-Mail As You Will Not Receive A Response *** To all web hosts: Every had something like this happen ? If so, what did you do about it or how did you handle it ?

I received that very email. As soon as I quelled the rising terror of my ebay-addicted persona--what?! I can't bid?! aaccccccckkkkkkkkk--I forwarded the email to ebay's fraud division, so I hope I didn't point fingers at you. Wasn't my intention.

The wording IS pretty good, but it is rare that anyone will request sensitive information by email let alone state, "Do not reply to this." The latter is used mostly to acknowledge a company received some information and plans to get back to you. When there is an actual problem, a company will usually fall all over itself saying to please contact them and if we have any questions don't hesitate to call and they will even provide multiple ways to contact them, because they WANT to resolve the issue.

Lastly, I look for bad grammar and misspelled words or typos, for which fraudulent emails are famous.

[globalhostinggroup]

There are always loopholes the internet is not designed for security there is always fraud everywhere in the beginning the internet was relatively innocent but at it became a source of a greater audience people try to manipulate that in every aspect and the more it grows the more complex they will get to scam you $$$

[keywordguy]

To echo another post, I'm in the hosting business as well. I've been fortunate enough to have never had any fradulent sites host with me, but I try to screen each potential customer to understand what the site will be used for.

The stakes have gotten too high for legitimate hosting companies to waste time dealing with SPAM and Black Hole lists.

[handry]

Quote:

Originally Posted by keywordguy

To echo another post, I'm in the hosting business as well. I've been fortunate enough to have never had any fradulent sites host with me, but I try to screen each potential customer to understand what the site will be used for.

The stakes have gotten too high for legitimate hosting companies to waste time dealing with SPAM and Black Hole lists.

Yes, thats the major concern in now, you need to take action as soon as possible, coz SPAM dealing with your business box.

[montytx]

I am daily getting emails from paypal saying that my account is suspended until I update my CC and bank settings. Quite I joke. I fire it off to paypal and they dont seem to do anything about it. I actually went the the site and filled out a lot of bogus info to see what would happen. Somewhat clever. They make you reenter you cc and pin and bank account number. Then they tell you your account is restored and can be used again. They then point you to the real paypal to login.
I feel sorry for the suckers who buy into it and discover their CCs have been maxed out next month.
There are some evil geniuses running around.

[wahmpee]

haha! I am glad I'm not the only one that's filed in their info!
Name: Scammer Yousuck
Address: 123 Getarealjob Dr.
LOL!!!

[montytx]

Yeah that is the same sort of stuff I entered. Yor busted and m