eBay Phishing Scams..for those that aren't aware.
| placebo |
Hello, I'm sure most people on this board are aware of eBay/PayPal phishing scams (among other companies); however, I know a lot of people are uninformed, and I personally know some people who have actually fallen for these. I get them on a daily basis, probably about 10+ per day. Anyways, here are some screenshots of one I got today. This one is pretty obvious, due to a lot of factors. For one, when does eBay use exclamation points in the subjects of emails? And the URL is a dead giveaway of a scam.










WHOIS LOOKUP
Here is the whois info for the domain:
| quote: |
WHOIS results for 63.195.107.221
Generated by www.DNSstuff.com
Location: United States [City: Plano, Texas]
NOTE: More information appears to be available at NET-63-195-107-216-1.
Using 0 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).
SBC Internet Services SBCIS-SIS80 (NET-63-192-0-0-1)
63.192.0.0 - 63.207.255.255
Sameh Michaiel-040804134921 SBC06319510721629040804134925 (NET-63-195-107-216-1)
63.195.107.216 - 63.195.107.223
# ARIN WHOIS database, last updated 2006-06-28 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
|
I went to the root IP address of the site:
http://63.195.107.221/wioteladmin/
Some page called "wiotel". I googled that page and came back with the actual wiotel site, then I did a WHOIS lookup on that. Registered to the same guy, but different locations. Also, on the wiotel admin page, a link references "tools.wiotel.com"; if you ping that, it comes back with the same IP as the phishing site, but if you ping www.wiotel.com, you get a different IP.
| quote: |
Registrant:
Wiotel
4229 Littelworth way
San Jose, California 95135
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: WIOTEL.COM
Created on: 01-Dec-02
Expires on: 01-Dec-06
Last Updated on: 22-May-06
Administrative Contact:
Michaiel, Sameh [email protected]
Wiotel
4229 Littelworth way
San Jose, California 95135
United States
408 238 2211
Technical Contact:
Michaiel, Sameh [email protected]
Wiotel
4229 Littelworth way
San Jose, California 95135
United States
408 238 2211
Domain servers in listed order:
NS7.ZONEEDIT.COM
NS14.ZONEEDIT.COM
Registry Status: REGISTRAR-LOCK
Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited
|
Looks like the same guy has the eBay phishing site on his server. Doesn't mean he set it up, someone else could have hijacked his server and put that on there. Especially since that IP is in Plano, TX and his domain is in San Jose, CA. |
|
|
| Sunsnail |
| lol funny. I too noticed the exclamation points... This would work on someone like my grandmother.. |
|
|
| placebo |
| After I reported the site to eBay, AntiPhishing.org, and the abuse contact at their ISP, looks like it got taken down...haha. |
|
|
| sothis |
ive been receiving a weird new approach recently.. here's the copied text from the forum i posted it on:
--------------------------
ive been getting this fairly recently and havent heard anyone else talk about it, so i thought id give a heads up.
the first one of these i got, i was almost fooled. it looks EXACTLY like a "ask the seller a question" emails you'd get if you were selling something.

i think ive received about 5 of these now in a few weeks, all from "minidigitalis". the first thing i did was check the auction ID number... it was legit (though it isnt anymore, yet i still get these emails about this same item, ha). i then was a little concerned that maybe someone had put my email address as the contact, so they could scam the person out of their item (in this case, a computer). but, their email address was definitely not mine.
i moused over the links. all of them were legit... EXCEPT ONE, which ultimately tipped me off. in this case, it was the top most "learn more" link, which led to some other weird site. the other way they ed up is that the email subject says its from "digitalis" while the member id in the email is "minidigitalis". honestly, i have no idea what this scam is even trying to do... but clearly its up to something.
i just noticed that now, even that "learn more" link appears to lead to a legitimate page.. so they must have caught on to their mistake.
so yeah. not sure what it's trying to accomplish, but almost fooled me. be careful if you see one of these. |
|
|
| Sunsnail |
| quote: | Originally posted by sothis
so yeah. not sure what it's trying to accomplish, but almost fooled me. be careful if you see one of these. |
conspiracy! |
|
|
| Boomer187 |
lol, any email asking you to click a link is not good. Never click em :P
unless you fill em out with aplz info. |
|
|
| optik |
if you do get caught - your course of action should be (I know of someone who responded to the request for info one):
log into ebay and change your password ASAP - to something completely different.
email the ebay fraud department (via their website) they will monitor your account, and check for fraudulent activity.
pray. |
|
|
| CleverName |
heh nice [fake] SSN you entered...oblig simpsons quote:
| quote: | | Mr. Burns: [after being asked his SSN] "Null null null, null null, null null null TWO. Damn you Roosevelt!" |
|
|
|
| placebo |
| quote: | Originally posted by sothis
ive been receiving a weird new approach recently.. here's the copied text from the forum i posted it on:
--------------------------
ive been getting this fairly recently and havent heard anyone else talk about it, so i thought id give a heads up.
the first one of these i got, i was almost fooled. it looks EXACTLY like a "ask the seller a question" emails you'd get if you were selling something.

i think ive received about 5 of these now in a few weeks, all from "minidigitalis". the first thing i did was check the auction ID number... it was legit (though it isnt anymore, yet i still get these emails about this same item, ha). i then was a little concerned that maybe someone had put my email address as the contact, so they could scam the person out of their item (in this case, a computer). but, their email address was definitely not mine.
i moused over the links. all of them were legit... EXCEPT ONE, which ultimately tipped me off. in this case, it was the top most "learn more" link, which led to some other weird site. the other way they ed up is that the email subject says its from "digitalis" while the member id in the email is "minidigitalis". honestly, i have no idea what this scam is even trying to do... but clearly its up to something.
i just noticed that now, even that "learn more" link appears to lead to a legitimate page.. so they must have caught on to their mistake.
so yeah. not sure what it's trying to accomplish, but almost fooled me. be careful if you see one of these. |
You're not alone, I get those all the time too...and I am an eBay seller, so the first time I got one, I was like, WTF? I don't have that item for sale? Took me about 20 seconds to realize it was a phishing email. |
|
|
|
|