Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: EBay Fraud Attempt

Re: EBay Fraud Attempt

From: Chris A. Mattingly <camattin_at_camattin.com>
Date: Tue, 10 Dec 2002 01:01:52 -0500

You might also contact the U.S. Secret Service, as this type of crime is
covered by this mission statement. (See
http://www.secretservice.gov/mission.shtml).

-Chris

----- Original Message -----
From: <jlewis_at_lewis.org>
To: "Logan F.D. Greenlee" <lgreenlee_at_ciretose.net>
Cc: <incidents_at_securityfocus.com>
Sent: Sunday, December 08, 2002 11:45 PM
Subject: Re: EBay Fraud Attempt

> This is definitely an attempt to socially engineer your credit card info,
> bank account info, and enough personal information to commit identity
> theft against anyone dumb enough to fill out the form (and I'm sure there
> are many suckers out there). You should immediately forward a copy to at
> least the following:
>
> privacy_at_ebay.com (don't know if this is the best contact, but it's all I
> found in a quick look at their site). This is the sort of thing Ebay will
> sick their lawyers on for use of the ebay name.
>
> noc_at_accentric.net (they're the tech contact for the IP block
> www.ebayupdates.com resolves to)
>
> domain.tech_at_YAHOO-INC.COM (they're the tech contact for the domain
> ebayupdates.com, which seems to be registered to some creep in Niceville,
> FL (which sounds fake, but actually exists)).
>
> It wouldn't hurt to try to notify the FBI and local Niceville police...but
> how much time to you want to spend on this? Odds are, you'll have to
> place several calls and talk to multiple people before you find an
> agent/officer who understands what a website is and why this one is bad.
> If Ebay's security people return your message/call, maybe you can just ask
> tem if they'll push the right buttons to get the FBI to pickup the person
> responsible for the site. They're likely going to be more familiar with
> what it takes to get some action.
>
> On Sat, 7 Dec 2002, Logan F.D. Greenlee wrote:
>
> > To the moderator:
> > This is my first post, and I'm not sure that this is right list
> > to be sending this to. If it isn't could you please tell me where I
> > should send it?
> >
> > Hello All,
> > About 24 Hours ago I received an e-mail from "EBay Billing" with
> > the subject of "EBay Billing Error". However, I have not conducted any
> > transactions in months, so I became suspicious. The text of the e-mail
> > is below as well as the routing path, which would indicate that it was
> > not in fact sent by eBay. Further, a visit to the site that is refrenced
> > in the email leads to a page that is javascript encoded. Right click is
> > disabled to prevent saving of the page. An inspection of the source
> > would also indicate that the creators of the page do not want users to
> > see where their information is going. I've looked around eBay and found
> > no other pages that were constructed in a similar manner. Finally, I
> > checked the WHOIS database entry for "ebayupdates.com" and found that
> > the registrants were not eBay corporate but someone in Florida. Is it
> > possible that this is a farily large scale attempt at gathering eBay
> > users account and/or credit card information.
> >
> > Logan
> >
> >
> > **** Message Header *****
> > Microsoft Mail Internet Headers Version 2.0
> > Received: from 195.73.193.7 ([24.232.235.26]) by ciretose.net with
> > Microsoft SMTPSVC(5.0.2195.5329);
> > Fri, 6 Dec 2002 19:03:46 -0500
> > Received: from unknown (HELO f64.law4.hotmail.com) (13.61.40.178) by
> > ssymail.ssy.co.kr with smtp; Dec, 06 2002 3:57:55 PM -0100
> > Received: from sparc.isl.net ([45.55.85.241]) by
> > anther.webhostingtalk.com with NNFMP; Dec, 06 2002 2:52:05 PM -0300
> > Received: from [177.34.196.8] by f64.law4.hotmail.com with NNFMP; Dec,
> > 06 2002 1:46:01 PM +1100
> > From: Ebay Billing <Billing_at_ebay.com>
> > To: logan_at_ciretose.net
> > Cc:
> > Subject: Ebay Billing Error
> > Sender: Ebay Billing <Billing_at_ebay.com>
> > Mime-Version: 1.0
> > Content-Type: text/html; charset="iso-8859-1"
> > Date: Fri, 6 Dec 2002 16:02:56 -0800
> > X-Mailer: eGroups Message Poster
> > Return-Path: Billing_at_ebay.com
> > Message-ID: <DCxgX3kT8fP682w9hWb00000009_at_ciretose.net>
> > X-OriginalArrivalTime: 07 Dec 2002 00:03:49.0430 (UTC)
> > FILETIME=[1E97BD60:01C29D84]
> > **** End Message Header *****
> >
> > **** Message Contents *****
> > Dear Ebay Member,
> > We at Ebay are sorry to inform you that we are having problems with the
> > billing information of your account. We would appreciate it if you would
> > visit our website [Ebay Billing Center] <http://www.ebayupdates.com> and
> > fill out the proper information that we are needing to keep you as an
> > Ebay member.
> > If you think you have received this email as an error, please visit our
> > website and fill out the neccesary information. That way we can make
> > sure that everything is up to date! Again here is the link to
> > our website. Ebay Billing Center <http://www.ebayupdates.com>
> > Joe Watson
> > Ebay Billing Center
> > Rep ID. 32A
> > Thank you for your business.
> > The Ebay Staff.
> > ************************************************************************
> > ******** *********************************
> > Do not reply to this e-mail, for assistance contact the customer service
> > team.
> > ************************************************************************
> > ******** *********************************
> > ***** Message Contents ******
> >
> >
> >
> >
>
> -------------------------------------------------------------------------- 

--
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com
> >
>
> ----------------------------------------------------------------------
>  Jon Lewis *jlewis_at_lewis.org*|  I route
>  System Administrator        |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
>
> --------------------------------------------------------------------------
--
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Dec 11 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos