
Car Forum / Mercedes-Benz Cars / June 2005


eBay & PayPal spoof warning

T.G. Lambach - 26 May 2005 20:51 GMT
I've just received eBay and PayPal "spoofs;" apparently my name was
culled from this NG.

Both look quite authentic but are not; I know that because I don't have
an account at either place.

There's no bottom to some people.

Tom
Dori A Schmetterling - 26 May 2005 21:17 GMT
I have had same.  A version of phishing, is it not?  I have had such
messages from banks with whom I don't have accounts....(as well as some
banks from whom I DO have accounts).

All junk.

DAS

For direct contact replace nospam with schmetterling
---

> I've just received eBay and PayPal "spoofs;" apparently my name was culled
> from this NG.
[quoted text clipped - 5 lines]
>
> Tom
Martin Joseph - 27 May 2005 06:37 GMT
> I have had same.  A version of phishing, is it not?  I have had such
> messages from banks with whom I don't have accounts....(as well as some
> banks from whom I DO have accounts).
>
> All junk.

Phishing is correct.

These are criminals looking to take over your ebay account or your
paypal account.  Either way, they are thieves.

I report this type of phishing to both the sender's ISP, as well as to
Ebay and/or paypal.

Pathetic really, as you know there must be a lot of people that fall for it...

NEVER USE A LINK IN AN EMAIL to go to either site.

The safest way is to open your browser and type in the correct URL (ie
paypal.com)

Marty
Dori A Schmetterling - 27 May 2005 11:12 GMT
Absolutely correct.

The spoof sites can be remarkably 'lifelike'.

For fun one can look at the sender by hitting Properties.

DAS

For direct contact replace nospam with schmetterling
---

[...]

> NEVER USE A LINK IN AN EMAIL to go to either site.
>
> The safest way is to open your browser and type in the correct URL (ie
> paypal.com)
>
> Marty
Rodney T. Grill - 02 Jun 2005 19:24 GMT
> NEVER USE A LINK IN AN EMAIL to go to either site.
>
> The safest way is to open your browser and type in the correct URL (ie
> paypal.com)

Actually, there could even be a problem with doing that!  When you enter a
URL in your browser's address bar, it has to resolve that web site name to
an IP address.  Normally, that involves looking it up on your ISP's DNS
server, but it actually looks first in the "hosts" file on your local PC.
Of course most people don't have anything in there, but a malicious web site
or e-mail sender can create a trojan horse that puts their resolution to
sites like eBay and PayPal there, so while you may think you are at the real
site, you have actually been redirected to the phishing site.  You can mark
this file as read-only, but even then it's not fail-safe.  I do believe most
modern security software (i.e. Norton Internet Security and the like) do
protect this file, but it's probably not a bad idea to check it periodically
to make sure it has not been tampered with.


- RODNEY

Martin Joseph - 02 Jun 2005 21:41 GMT
>> NEVER USE A LINK IN AN EMAIL to go to either site.
>>
[quoted text clipped - 14 lines]
> file, but it's probably not a bad idea to check it periodically to make
> sure it has not been tampered with.

I haven't seen that particular exploit,  but that would not be possible
on a secure system ( ie linux, unix or mac) as the malicious trojan
could not gain access to the hosts file...

I don't know about windows,  but there are other ways hackers can
poison your lookups also,  for example by corrupting DNS cache...

Good Luck,
Marty
Dori A Schmetterling - 03 Jun 2005 17:33 GMT
Where/how would I find this file?

Thx
DAS

For direct contact replace nospam with schmetterling
---

[...]

> it actually looks first in the "hosts" file on your local PC.
> Of course most people don't have anything in there, but a malicious web
> site or e-mail sender can create a trojan horse that puts their resolution
> to sites like eBay and PayPal there, so while you may think you are at the
> real site, you have actually been redirected to the phishing site.  You can
> mark this file as read-only, but even then it's not fail-safe.
[...]
> but it's probably not a bad idea to check
> it periodically to make sure it has not been tampered with.
Rodney T. Grill - 03 Jun 2005 17:42 GMT
> Where/how would I find this file?

For Windows XP, it's usually in the \WINDOWS\system32\drivers\etc folder.
You can do a local search on "hosts" to make sure.  There are actually two
files - "hosts" and "lmhosts" (if you find "lmhosts.sam", it's just an
inactive sample).  They both do the same thing, but lmhosts takes precedence
and has some advanced options for pre-loading the DNS cache and such.


- RODNEY
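
Added example, not part of any post in this thread: one way to run the periodic hosts-file check Rodney suggests, in Python. The watched-domain list, the function names and the sample entries are assumptions made for illustration; entries that point a watched name at loopback are reported as "sinkhole" rather than "redirect".

```python
import ipaddress
import os

# Assumption for this example: the two brands named in the thread.
WATCHED = ("ebay.com", "paypal.com")

# Constructed sample (documentation-range address), not a real hosts file.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.0.0.1    ad.doubleclick.net doubleclick.net   # ad blocking, harmless
203.0.113.7  www.paypal.com paypal.com
203.0.113.7  signin.ebay.com
127.0.0.1    notpaypal.com
"""

def hosts_path():
    # Usual locations: the system32/drivers/etc folder on Windows, /etc elsewhere.
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\WINDOWS")
        return os.path.join(root, "system32", "drivers", "etc", "hosts")
    return "/etc/hosts"

def is_watched(name):
    return any(name == d or name.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, name, address, kind) for every override of a watched name."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or a wrapped fragment with no address
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        # Loopback/0.0.0.0 only blocks the name; anything else sends it elsewhere.
        kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        for name in fields[1:]:
            if is_watched(name.lower()):
                findings.append((no, name.lower(), fields[0], kind))
    return findings

if __name__ == "__main__":
    with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(finding)
```

Any "redirect" finding for a site you log in to means the name no longer resolves through DNS on that machine and the file should be treated as tampered with.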

greek_philosophizer - 03 Jun 2005 21:48 GMT
If you hate looking at tasteless
banner ads you can use this same
facility to avoid them!

You just equate their domain name to
127.0.0.1 or something else pointless
and you do not get the banner ad.

Here is the relevant part of my hosts file:
###########################################
#  Turn off banner ads
127.0.0.1  overture.com www20.overture.com www21.overture.com
127.0.0.1  overture.com www10.overture.com www11.overture.com
127.0.0.1  adsite.washpost.com media.washngtonpost.com
127.0.0.1  ad.doubleclick.net doubleclick.net
127.0.0.1  ads.forbes.com
127.0.0.1  partner2profit.com www.partner2profit.com
127.0.0.1  ads.partner2profit.com www.partner2profit.com
127.0.0.1  z1.adserver.com adserver.com
127.0.0.1  yourfreedvds.com  www.yourfreedvds.com
127.0.0.1  atdmt.com spe.atdmt.com
127.0.0.1  starwave.com ABCNews.starwave.com adsatt.ABCNews.starwave.com
127.0.0.1  atwola.com ar1.atwola.com ar.atwola.com
127.0.0.1  industrybrains.com links.industrybrains.com
127.0.0.1  googlesyndication.com pagead2.googlesyndication.com
127.0.0.1  fastclick.net media.fastclick.net
127.0.0.1  specificclick.net adopt.specificclick.net specificlick.net adopt.specificlick.net
127.0.0.1  clk.atdmt.com atdmt.com att.atdmt.com spme.atdmt.com
127.0.0.1  coremetrics.com   twci.coremetrics.com
127.0.0.1  adsrv.news.com.au adserver.news.com.au
127.0.0.1  banners.pennyweb.com pennyweb.com
127.0.0.1  adsrv.news.com.au adserver.news.com.au

Of course the sites probably hate this. It is the
equivalent of getting a magazine with most of
the ads chopped out. I usually only do it when
I see an annoying ad. It works in Unix and Windows.

.
Hernando Correa - 27 May 2005 00:13 GMT
I began to get these junk e-mails last week.  If you read them
carefully, you will notice that most of them have misspelled words or
font size/style changes within the body of the messages. What do the
people who send them achieve with the spam?

Hernando

> I've just received eBay and PayPal "spoofs;" apparently my name was
> culled from this NG.
[quoted text clipped - 5 lines]
>
> Tom
marlin - 27 May 2005 01:04 GMT
Well, if somebody falls for it, the people who send them get all your info,
and then use that to hijack your paypal account, and buy a bunch of stuff
with your money.
>I began to get these junk e-mails last week.  If you read them carefully,
>you will notice that most of them have misspelled words or font size/style
[quoted text clipped - 12 lines]
>>
>> Tom
Toppy - 27 May 2005 04:38 GMT
If the paypal account starts with "Dear sir" then you know it's bogus!!
charles blassberg - 27 May 2005 08:34 GMT
> Both look quite authentic but are not;

If you hover your mouse over the hyperlink and read the destination in
your status bar at the bottom then you can tell some of the fake ones.
They will have an IP address before the ebay or paypal domain names.

eg http://123.12.321.21/ebay.com/........ is bogus
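
Added example, not part of the original post: the hover check described above, automated in Python over the HTML body of a message. The brand list, class and function names and the sample body are assumptions; the example goes slightly beyond the post by also flagging look-alike host names that merely contain a brand's domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = ("ebay.com", "paypal.com")  # assumption: the brands named in the thread
# Matches anything shaped like a dotted quad, even with out-of-range octets
# such as the 321 in the post's own example.
DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

# Constructed sample body: the first link shows one address and goes to another.
SAMPLE_BODY = ('<p>Dear sir, please confirm at '
               '<a href="http://123.12.321.21/ebay.com/signin">https://signin.ebay.com/</a>'
               ' or visit <a href="https://www.paypal.com/">PayPal</a>.</p>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_brand(host):
    return any(host == b or host.endswith("." + b) for b in BRANDS)

def check_link(href, text):
    """Return the reasons a link looks spoofed; an empty list means none found."""
    host = (urlsplit(href).hostname or "").lower()
    reasons = []
    if DOTTED_QUAD.match(host):
        reasons.append("host is a numeric address")
    # A brand domain anywhere in the URL or the visible text sets the expectation.
    mentions = [b for b in BRANDS if b in (href + " " + text).lower()]
    if mentions and not on_brand(host):
        reasons.append("names %s but goes to %s" % (", ".join(mentions), host))
    return reasons

def scan_html(body):
    collector = LinkCollector()
    collector.feed(body)
    return [(href, check_link(href, text)) for href, text in collector.links]
```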
Michael - 27 May 2005 20:19 GMT
We have been getting them this side of the water, England.  They always
address as Mr or Sir, never your name and ask for more info than the
original, ie National Insurance number.
If you have received one please FORWARD, not reply, to Spoof (at) ebay or
Spoof (at) Paypal.
Hope they catch the */*-**/!.
Michael

> I've just received eBay and PayPal "spoofs;" apparently my name was
> culled from this NG.
[quoted text clipped - 5 lines]
>
> Tom
Martin Joseph - 28 May 2005 00:18 GMT
> We have been getting them this side of the water, England.  They always
> address as Mr or Sir, never your name and ask for more info than the
[quoted text clipped - 3 lines]
> Hope they catch the */*-**/!.
> Michael

There is little point in forwarding these if you are using brain
damaged microsoft products and don't know how to forward the full
headers...

The headers are the real way to trace the chain of email.  Although the
Link is also potentially quite useful,  none of the administrators will
bother to even check that  if you do not include the full headers from
the Phishing emails...

Marty
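
Added example, not part of the original post: what the full headers give an abuse desk, shown in Python on a constructed message. The host names, addresses (documentation ranges) and function names are assumptions; real Received lines vary in format, and the regular expression here only covers the common "from ... [ip] ... by ..." shape.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host and address below is invented.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.isp.example (mx.isp.example [198.51.100.10])
\tby inbox.isp.example with ESMTP; Fri, 27 May 2005 06:30:02 +0000
Received: from unknown (HELO paypal.com) ([203.0.113.45])
\tby mx.isp.example with SMTP; Fri, 27 May 2005 06:30:00 +0000
From: "PayPal" <service@paypal.com>
Subject: Verify your account

Dear sir, ...
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def received_chain(raw):
    """Return the relay hops oldest first.

    Each server prepends its own Received line, so the header order is
    newest first. Lines below the first hop added by your own provider
    can be forged by the sender and are only a lead, not proof.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append({"claimed": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_chain(raw)
    return {
        "from_domain": domain(msg["From"]),                # what the reader sees
        "return_path_domain": domain(msg["Return-Path"]),  # where bounces go
        "origin_ip": hops[0]["ip"] if hops else None,      # address to report
        "hops": hops,
    }
```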
Dori A Schmetterling - 28 May 2005 15:46 GMT
Now now.  It is perfectly simple to obtain the headers in Outlook Express
('Properties').

Otherwise I concur.  It is essential to provide the headers for tracing.

DAS

For direct contact replace nospam with schmetterling
---

[...]

> There is little point in forwarding these if you are using brain damaged
> microsoft products
[...]
Dori A Schmetterling - 28 May 2005 15:43 GMT
That's why so many of us use fake addresses.

When I started in this newsgroup I used a real address (but one I did not
use for anything else).  After I noticed the many fake addresses of other
users I switched to one myself.

Sure enough, some months later I started receiving spam to that special
address, which is still a legit address.  I still get some spam.

There truly are computer programmes that search NGs and web pages for e-mail
addresses (crawlers).  The safest is never to publish your e-mail address on
the internet.

DAS

For direct contact replace nospam with schmetterling
---

> I've just received eBay and PayPal "spoofs;" apparently my name was culled
> from this NG.
[...]
Martin Joseph - 28 May 2005 20:11 GMT
> Sure enough, some months later I started receiving spam to that special
> address, which is still a legit address.  I still get some spam.

Some months huh?

Nowadays it's more like 10 minutes...  I am always appalled when I see
innocent people using their real addresses here...

Marty
M. Davis - 01 Jun 2005 00:14 GMT
Bad news - I got one claiming to be from ebay that was addressed
by name and login!  Very professional looking.   The only cure is to
NEVER click on those links, but enter a url by keyboard.  If in doubt,
forward the e-mail to spoof@ebay.com or spoof@paypal.com and their
reply will tell you if it is real.
Jerry - 01 Jun 2005 03:38 GMT
Almost all are fake. I've received a couple of dozen so far. What is E-Bay
doing about them, other than sending me a form letter saying I was right in
that it was a fake? Surely they can find the A/H's who are doing this?
> Bad news - I got one claiming to be from ebay that was addressed
> by name and login!  Very professional looking.   The only cure is to
> NEVER click on those links, but enter a url by keyboard.  If in doubt,
> forward the e-mail to spoof@ebay.com or spoof@paypal.com and their
> reply will tell you if it is real.
Dori A Schmetterling - 01 Jun 2005 10:31 GMT
Received an 'eBay' msg last week asking me to verify details.  I have never
registered there...

Not the first time.

DAS

For direct contact replace nospam with schmetterling
---

> Almost all are fake. I've received a couple of dozen so far. What is E-Bay
> doing about them, other than sending me a form letter saying I was right
[quoted text clipped - 4 lines]
>> forward the e-mail to spoof@ebay.com or spoof@paypal.com and their
>> reply will tell you if it is real.
John Cisarik - 01 Jun 2005 12:42 GMT
> Bad news - I got one claiming to be from ebay that was addressed
> by name and login!  Very professional looking.   The only cure is to
> NEVER click on those links, but enter a url by keyboard.  If in doubt,
> forward the e-mail to spoof@ebay.com or spoof@paypal.com and their
> reply will tell you if it is real.

Same here; the "phishers" apparently are becoming more sophisticated. I
received a notice from eBay addressed to me by name and login, but then sent
it to eBay myself and found out it was fake. VERY authentic looking!
Dori A Schmetterling - 01 Jun 2005 14:47 GMT
Just look at the full sender e-mail address details.

DAS

For direct contact replace nospam with schmetterling
---

[...]
> Same here; the "phishers" apparently are becoming more sophisticated. I
> received a notice from eBay addressed to me by name and login, but then
> sent it to eBay myself and found out it was fake. VERY authentic looking!
Jeff - 01 Jun 2005 05:25 GMT
Yes - and even Macintosh users aren't safe from email spoofs.

:(

> I've just received eBay and PayPal "spoofs;" apparently my name was culled
> from this NG.
[quoted text clipped - 5 lines]
>
> Tom
 