EBay Phishers, Quit Already!
Posted by Anne B. McDonald | Wednesday, December 01, 2004 5:20 AM PT
Okay, is it the season or am I just lucky? I'm getting two to five EBay phishing e-mail scams a day. I guess some folks really fall for these subject lines: "Your account will expire in the next 2 days if you don't fill the forms!"
The
Anti-Phishing Working Group (APWG), which tracks stats on this type of fraud, says phishing attacks "use 'spoofed' e-mails and fraudulent Web sites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc."
These phishers are able to convince up to 5 percent of recipients to respond to these messages that appear to be from banks, credit card companies, and online retailers, the monitoring group says.
I must admit the first few times I see these fraudulent e-mails, I have a twinge of "Oh no!" It's akin to feeling guilty every time the cop car passes you on the freeway, I guess.
But these threats are real. APWG released a
report recently that said unique attacks were up 36 percent each month since July and up dramatically since October. The countries of origin of these scams seemed to be shifting as well. In the first half of the year, the U.S. seemed to be fraud central. While we're still leading the pack, according to APWG stats, our share is declining. China, Russia, and Korea are stepping up to the plate, however.
Hey, I don't even like to fill in extensive forms about myself and my financial info when I initiate an online purchase. I'm certainly not going to do it from an e-mail solicitation, even when it looks like it's from my pal EBay. Oh well, at least the earnest letters from alleged needy Nigerians have trailed off.
Are you being hit up by phishers? Who are they spoofing? Did you fall for it?
Yes, I've been hit with 4-5 e-mails that were supposedly from Yahoo! saying I needed to update my information. Being the informed person I am, I knew right away this was wrong. I sent a note to Yahoo! advising of the phishing. It's getting to the point where I don't enjoy the online experience anymore. I hate checking my mail and I hate surfing, knowing my pc is under attack.
I have received multiple emails saying they were from Citibank and needed me to update my account info. A link was provided in the email, of course. I immediately reported the emails to Citibank through their email fraud reporting link on the homepage. It's gotten to the point where if you aren't a very savvy internet user, you're likley going to get burned.
I got an email from 'Ebay' the other day, but I had already heard about this scam, and I wouldn't give out info from an email solicitation anyway.
However, this email was automatically labelled as 'Spam' by my Gmail inbox. :)
Hey there. It's Andy Brandt, the security beat editor here at PC World. I just wanted to chime in that I've been getting upwards of *twenty* of these phishing emails a day, every single day. I've got a spam filter entry solely dedicated to killing anything that comes from ebay.com now, but still they keep coming. Stop the madness!
You mean that email wasn't from eBay? I was wondering why they needed my SSN, birth certificate, and passport. Oh well, I guess I wasted a lot of time filling out those forms. Good thing I put in my ex-Wife's information and not my own.
I spotted this scam a million miles away. Their spelling and grammar was awful, although technically the website looking an identical match to eBay. So i proceeded to enter my name and password in as iamnotastupidmoron passwod:assholes. Any guess what?It logged me in, so i continued to fill in all the fields i could with abuse to send to these scammers. i suggest that everyone else should do the same.
lol - i actually have done the same thing as Wayne Howe - but I put in FU**you as my member name - and the password ? FU**you
And it also let me right in. I actually did have someone hack into my debit card information on both AOL and Ebay and Paypal, and NOT because I answered any of these things. I dont know how they did it or who they were but at age 45 I was almost 15 grand in the hole and no one would listen to me or do a damn thing about it. At age 47 (after having PERFECT 100% credit) - I finally had no choice but to declare bankruptcy. I suppose now my lifestyle of buying a new car every 3 - 4 years with no questions when calling for a loan and my dream of buying another home someday to be able to retire where I have always wanted to are all dashed and gone forever. All due to theives. And trust me, the FBI and credit places, banks, Ebay, Paypal, NONE OF THEM give one tinkers damn about any of it. No one even attempted to help me. Once the credit card companies started proceedings for wage garnishments for non payment on things that were charged to my old credit card that I DIDNT DO - that is when I filed bankruptcy. The credit card companies even had on file the address of where some of the merchandise ordered was delivered and they could have cared less. All they wanted was for someone to pay for it and that someone was going to end up being me. By the time I declared bankruptcy I was up over 25,000 in debt due to all the late fees and interest they kept all charging me.
Sigh - oh well.
My parents keep getting these e-bay emails. I just keep reporting them to the FTC and E-bay. then they stop for a wile, and start again. Oh well... I guess that is why I have 30 message rules in outlook express to delete them for me.
Ugh they got me! I didnt realize it, but the a..holes got me to give up my info. Im not sure what to do now. Unfortunately my credit already sucks, this isnt going to help, but my debit card does have a limit. which is not much. and my bank accounts dont have much either, its the social security number that Im worried about. I can change the rest. Just beware from someone who didnt think they could be scammed, but did.
If you're particularly tech savvy, you can always program a script that sends false data to their forms. I sent one batch of ebay phishers over 100,000 bogus submissions in a two day period. With a little tweaking, I managed to create random data that looked quite legitimate. Spam the spammers, and the fraud becomes more time consuming and much less profitable. Time to stop phishing get real jobs.
If you're particularly tech savvy, you can always program a script that sends false data to their forms. I sent one batch of ebay phishers over 100,000 bogus submissions in a two day period. With a little tweaking, I managed to create random data that looked quite legitimate. Spam the spammers, and the fraud becomes more time consuming and much less profitable.