MATRIXSYNTH: WARNING: NEW EBAY SCAM!!!


Saturday, November 24, 2007

WARNING: NEW EBAY SCAM!!!

There appears to be a new Ebay scam in which the auction link on Ebay redirects you to a phishing site that looks exactly like the auction post. If you log into Ebay on that site you are actually logging into the phishing site where they can grab your info including your password. What is scary about this is that it is not an email link sent to you that is easily identifiable. It IS THE EBAY auction on Ebay itself. If you clicked on the auction link for the last EMS Synthi post I put up here, change your password immediately and check for any activity on your account. I would check any accounts for activity that you have linked to Ebay such as Paypal. Do this immediately and be careful. Thanks goes to retrosynth for catching this one. I got caught on this one myself. BTW, please spread the news. This is real.

NOTE: If you want to be safe purchasing on Ebay, there is only one way to do it. Purchase by Credit Card only and make sure your credit card has fraud protection. Call your credit card company and find out. If it does, then all you have to do is report the fraud to your credit card company and they will reverse charges and handle the situation for you.

18 comments:

  1. Hi

    the scam goes as far as showing the auction withdrawn now...
    Amazing.
    Xavier

  2. Please enlighten me a bit on how this worked and what to watch out for. The link to the phishing site was embedded in Ebay itself? How was that possible? Was Ebay hacked?

    I need to know because my wife does quite a bit of trading on Ebay. She's computer literate, but certainly not an HTML expert. I need to be able to tell her what to watch out for, but it isn't clear to me how the scam worked. If it was possible for the scammer to put a redirect inside of Ebay itself, then potentially any auction anywhere on Ebay is vulnerable.

    Thanks in advance for the help.

  3. does anyone have more info on this scam. I was one of the people who got burned on it. I actually lost money (live n learn).
    I have made numerous reports to ebay and IC3.gov but have had no official responses.
    eb

  4. I got snagged too.
    No money lost (whew).
    Good thing my accounts were empty.
    Sneaky devils, ain't they.
    Thanks for the heads up.

  5. 1. If you click on the Synths on Ebay link on the right of my site it will take you to a filtered listing of auctions on Ebay. This is what I use to parse auctions every night. There was a listing for the EMS Synthi. I clicked on it and apparently it redirected me to the phishing site. The phishing site looked exactly the same but the URL in the Address bar of the browser had a different address. If I remember correctly it was something like a-ebay.com or something.

    2. As for email scams, if you mouse over a link in the email you should see the address in the status bar of your email client which is at the very bottom left of the email client's window frame. If you don't see the link when you mouse over any link in email then you might need to turn the status bar on in your email client's viewing options. Usually you will see an IP address (a bunch of numbers) instead of the URL or you will see a different but very similar URL that tries to trick you, like a-ebay.com or ebay-services.com. The URL has to be ebay.com to be legit. NOTE that this is what I've seen to date so far. I do not know if they can mask the mouse over URL as well. Considering what I saw with 1 above, they would just need to send you to a valid auction link on Ebay and then do the redirect there. This is a HUGE security hole on Ebay's side and I have never seen it after over a year of diligently going through Ebay auctions on a daily basis. I have gone through HUNDREDS of auctions and have never seen this on Ebay itself. My guess is it was a standard redirect and Ebay will put some algorithm in place to catch it again - if they know about it. The big question is did Ebay take the auction down or the phishing site.

    3. ebsinc, did you purchase by credit card? If you did you should be able to file a fraud claim and get your credit card company to reverse charges and handle it for you. NEVER purchase off of Ebay without a Credit Card, period. I will add this advice to the post.

  6. I switched my ebay and paypal accounts so that they have their own e-mail address used for that only. That cut down on nearly all of the new ebay scams.

  7. This is shocking, Ebay has a long history of having its own redirection software misused by phishers. I did a Google search for "ebay phishing redirect" there are results stretching back a few years, each of them based on using Ebay itself to redirect auctions to phishing sites.
    One of the other things worth noting is that people who discovered this problem found Ebay to be "unresponsive".
    I'm not sure that there's a legitimate reason to have a server based redirector that accepts a URL as an argument, this seems to be the technique that these redirects use.

  8. Here's the URL that was at fault: link. Currently it does not redirect but takes you to cgi.ebay.com's Invalid Item listing. The item number listed is 290185105798.

  9. matrix,
    thanks for your comments and thoughts. I did not use a credit card (...I know - I've beaten myself up over this).
    I corresponded with a Synthi blog in Germany. they too were aware of this scam and fwd me a link to ebay germany where the same item was listed. For what it's worth, I reported the name and address in the UK where the money was sent.

    I was blinded by my desire to be a Synthi owner.
    eb

  10. At the bottom of the page it reads "In addition, these payment methods are not eligible for the eBay buyer protection programs." What's the eBay buyer protection programs? Is it automatic or do you have to pay extra? There is also a link at the bottom of the page for tips on trading safely: link.

    ebpsinc, if you need any assistance from me, please let me know. You can find my contact info on the bottom right of the site.

  11. BTW, ebpsince, how did you pay for it if not by CC so quickly? Your experience could help others reading this.

  12. matrix,
    what is the URL cgi.ebay.com?
    most of the auction links on matrixsynth will direct you there.

  13. matrix
    i foolishly paid via western union - something any ebay user will tell you not to do, I did have a week long correspondence with the seller. I also received an "official looking" ebay invoice listing the seller a verified address and secure seller.
    gotta run...will contact you with more on this. thanks all.
    eb

  14. Interesting. A week long conversation? I first saw the auction last night when I put it up. Was it the same auction or a different one? Is he re-listing them? In regards to cgi.ebay.com, you are correct, I was just calling out that it was a valid ebay link. The redirected link before it was taken down was not.

  15. That's weird, because I looked at that URL and I don't see how it does that redirect. It doesn't have an embedded URL redirect argument. Whoever did it must have some very intimate knowledge of how Ebay's server-side scripts work.

    Does anyone know if it's still possible for a Web page to spoof the URL that's shown in the address bar in IE6?

  16. matrix
    yes. I got scammed on this a few weeks ago. this was originally posted on ebay and a matrixsynth link at the end of October.
    It appeared on ebay.de a few weeks later.
    i'd like to nail this SOB but as synx508 commented, ebay is "unresponsive".
    any ideas? scary thing is that he/she could be anyone reading these blogs...

  17. Ebay won't care so long as the money keeps rolling in.

    If you want them to notice, send this to the Consumerist Blog. That gets lots of traffic from corporate a-holes looking to keep their company's image clean.

  18. I find it hard to believe that people are still sending western union for ebay items. I mean, that's really amazing to me.

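The address check described in comment 5 ("The URL has to be ebay.com to be legit") and the URL-as-argument redirector pattern raised in comment 7, written out as an added example; this is not code from the post, its commenters or eBay. It goes slightly beyond the thread by also flagging userinfo before the host; the function names, the `to` parameter and all sample links are constructed for illustration.

```javascript
// Added example: decide whether a link really stays on the trusted domain.
// "ebay.com" is the rule stated in the thread; function names, the "to"
// parameter and every sample URL are constructed for illustration.
const TRUSTED_DOMAIN = "ebay.com";

// True for the trusted domain itself or any subdomain (cgi.ebay.com).
function isTrustedHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === TRUSTED_DOMAIN || h.endsWith("." + TRUSTED_DOMAIN);
}

// Bare IPv4 or bracketed IPv6 literal instead of a name.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return { verdict: "invalid", reasons: ["not a URL"] }; }
  const reasons = [];
  const host = url.hostname;
  if (url.username || url.password) reasons.push("userinfo placed before the host");
  if (isIpLiteral(host)) {
    reasons.push("IP address instead of a domain");
  } else if (!isTrustedHost(host)) {
    reasons.push(host.includes("ebay") ? "lookalike domain containing 'ebay'" : "unrelated domain");
  }
  // Redirector pattern: a query parameter whose value is an off-site URL.
  // Relative values resolve against the trusted base and pass.
  for (const [name, value] of url.searchParams) {
    let target;
    try { target = new URL(value, `https://${TRUSTED_DOMAIN}/`); } catch { continue; }
    if (/^https?:$/.test(target.protocol) && !isTrustedHost(target.hostname)) {
      reasons.push(`parameter '${name}' points to ${target.hostname}`);
    }
  }
  return { verdict: reasons.length ? "suspicious" : "trusted", reasons };
}

// Constructed sample links.
const SAMPLES = [
  "http://cgi.ebay.com/?item=290185105798",
  "http://a-ebay.com/?item=290185105798",
  "http://ebay-services.com/login",
  "http://192.0.2.10/login",
  "http://cgi.ebay.com/?to=http%3A%2F%2Fa-ebay.com%2Flogin",
];
for (const s of SAMPLES) console.log(classifyLink(s).verdict, s, classifyLink(s).reasons);
```

A "trusted" verdict only says the link text stays on the domain; it cannot see a redirect the server performs after the click, which is why checking the address bar before logging in still matters.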


© Matrixsynth - All posts are presented here for informative, historical and educative purposes as applicable within fair use.