TCS - EBay Scam

EBay Scam

by Don Singleton
Tulsa Computer Society
From the March 2004 issue of the I/O Port Newsletter

I received an email informing me "Your account at eBay.com is blocked".

Opening the email yields

It looks like it comes from eBay, doesn't it? It has the eBay logo, and the "home | register | sign in/out | services | site map | help" links at the top even go to eBay's website.

However they say "Please take a moment to confirm your account by going to the following address: www.eBay.com or www2.ebay.com" and those links don't go to the eBay website. The link for www.ebay.com goes to "http://www.darkprofits.com" and the link for www2.ebay.com goes to "http://www.darkprofits.net".

Interestingly this is not a very complete scam, because if one clicked on either of those links it would take you to a "Page Not Found". Some of these scams would even have faked up eBay webpages at those two websites, and some are even sophisticated enough to not only show apparent eBay web pages, but there is a technique they can use that would even have one's browser show they were on the eBay URL, even though they were viewing a page from a different website.

The email also provides a form in the email "You may also fill in the verification form here:" which asks for a credit card number and expiration date, and when scrolling down to the next page

they also ask for the CVV2 Code and an ATM Pin-Code. Guess what happens to people foolish enough to fill out the verification form and click Continue. The information goes to Darkprofits.com

That domain name is registered to:
ali frameed
Attn: 7588 - 145
3522 2nd Floor Rm 2 AL 11 B
Lard Prao Road, Klongchan Bangkapi
Bangkok, 10240
TH

So anyone foolish enough to fill in their credit card information sends that information to some guy in Thailand. I wonder how long it would take before their credit card was maxed out by charges from some other country.

Never send credit card information, or even fill in login name and password in response to an email message."

It is possible that these spam messages were sent by someone else hoping to embarras DarkProfits, based on this item in Snoops.com, however the warning above, about never sending credit card information, or even filling in login name and password in response to an email message, is definitely a valid caution.

Here is a report about this particular scam:



For more information on the Tulsa Computer Society click here



Tulsa Computer Society 3/01/2004
Don Singleton, President