Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
Dispatches Archive

« October 2006 | Main | December 2006 »

November 27, 2006

An eBay Message Scam Permalink

To ward off scammers contacting eBay users directly, eBay started up its own messaging service (My Messages) some time ago. If you want to contact an eBay member, you do so via eBay, which acts as the intermediary between the two parties. Of course any such attempt to thwart scammers only brings out more scammers, including some that send email messages that try to look like the eBay message service.

I just got one that fails the smell test on a few points. For one, although the message says "Your registered name is included to show this message originated from eBay.", my registered name is nowhere to be found.

Second, the message claims to originate from an eBay Power Seller, using a real eBay user's name. Unfortunately (or fortunately for those who check things out before acting), the feedback rating shown for that member in the email message is about 600 points less than that member's actual rating, meaning that the message was not created by eBay's servers.

Third, this message was addressed to my regular email address, not the one I use only for eBay.

Here's the so-called message (bad spelling and all) from this so-called member:

I have been waiting for quite a long time for you to reply , whith the payment details .For the reason i will be forced to report you to ebay as , an unpayed item strike , and as a result your ebay user will be suspended , and you will receive negative feedback in the future .Think again and give me your decision. Regards

Then the message contains a login form requiring my eBay user ID and password to send my response. If submitted, however, the form actually goes to a forms processing program on a Czech server, which will then forward the data to the crook, wherever he may be.

Sadly, I'm sure that this fake message will get numerous eBay members to submit their user IDs and passwords in an attempt to deny any transaction with this "member." Good eBayers (and there are tons of them) strenuously guard their feedback ratings, and will do anything to prevent a negative report. A lot of adrenaline will flow upon receipt of this message. A lot of eBay accounts will be compromised, to be used for fraudulent auction activity.

Posted on November 27, 2006 at 11:18 PM

November 19, 2006

A 419 Lure Without the Sob Story Permalink

Most advance-fee scams (a.k.a. 419 scams) begin with an unsolicited email message that goes into a long story about somebody in the process of dying or already dead. The recipient is asked to assist in getting a huge wad o' cash out of an African country or bank vault by pretending to be a relative or business associate. Blah, blah, blah.

I just saw a 419 message that does away with all the storytelling:

Dear friend
I am very happy to inform you about my success in getting that fund Now, I want you to contact my secretary on the information below.
NAME; Mr. jackson Moses Telephone Number:[removed, but with a Benin country code]
EMAIL: [removed]@yahoo.fr
Ask him to send you the total sum of 800,000.00)Eight hundred thousand dollars in a bank draft, which I kept for your compensation.

Regards,
Barr Victor

I guess I'm supposed to think there has been some mistake and this guy thinks he owes me eight hundred grand. Being a supposedly greedy American (don't get me wrong, there are plenty of them), I'll look the other way while I try collect these undeserved funds (and find out it will cost me thousands in up-front fees and taxes to never receive a dime).

I'm not one for the Government getting in the way of private endeavors, but maybe the Feds should collect the phone numbers and email addresses for each new incoming 419 message. Each time a gullible American tries to contact the criminal, his or her email message or phone call gets diverted to an Idiot Holding Pen. That could prove to be more effective in preventing Bad Stuff to Americans than all the airline passenger screening taking place.

Posted on November 19, 2006 at 11:46 AM
YACISP Permalink

(Yet Another Clueless Internet Service Provider)

I've been so busy lately that I haven't had a chance to check the "spam suspects" file on my server. This file contains mail that my filters have not summarily deleted, but instead have shunted to the side because the messages meet numerous requirements that make them likely to be spam. It's a huge file now, so my perusal could trigger multiple posts today.

The first item originates from a backscatter message I received from a domain I recognize all too well: 126.com. Over the years, I've seen tons of Chinese-language spam that has a contact email address using this domain name. I take it that 126.com is sort of like the yahoo.com of China.

So, the message I receive is from the Postmaster at 126.com as follows:

From: <postmaster@126.com>
To: dannyg@dannyg.com
Subject: You are sending a virus mail
Message-Id: <452D5B43.2EB1B2.04395>
Date: Thu, 12 Oct 2006 04:59:47 +0800 (CST)

You sent a virus mail, please check you computer for virus.

Mail header info:
From: dannyg@dannyg.com
To: [removed]@126.com
Subject: Re: Re: Document
Date: Wed, 11 Oct 2006 23:06:32 +0200

Here is a huge Chinese ISP basing its virus rejection based not on the IP address of the actual sending computer, but the forged From: field of the virus delivery message. In this day and age?

Incredible.

Posted on November 19, 2006 at 11:03 AM