Dangerous messages

by Volker Weber

I received this spam message today which pretends to be a legitimate message from eBay:

ebayspam.png

The whole text of this message is an image and it links to the following address (abbreviated here):

http://scgi.ebay.com@%32%31%31%2e%32%31%37%2e%32%32%34%2e%31%30%32:...

Rocky helped me decode the string to ASCII and it reads like this:

http://scgi.ebay.com@211.217.224.102:4901/update/index.htm

Everything in front of the @-sign is treated as a username, which the website ignores. So the link actually goes to 211.217.224.102, port 4901. This address belongs to an ISP in Seoul, Korea.
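The same decoding as a small script, added here as an example that is not part of the original post. It uses Python's standard `urllib.parse`; the function name `analyze_link` and the flag names are made up for illustration, and the sample link is put together from the encoded host and the decoded port and path shown above.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Constructed sample: the encoded host from the message, with the port and
# path taken from the decoded form of the same link.
SAMPLE = ("http://scgi.ebay.com@%32%31%31%2e%32%31%37%2e%32%32%34%2e%31%30%32"
          ":4901/update/index.htm")


def analyze_link(url):
    """Report where a link really points and which disguises it uses."""
    flags = []
    parts = urlsplit(url)
    raw_host = parts.hostname or ""      # text between '@' and ':port'
    host = unquote(raw_host)             # undo %XX encoding of the host
    try:
        port = parts.port                # raises ValueError on a bad port
    except ValueError:
        port = None
        flags.append("invalid-port")
    if parts.username is not None:
        flags.append("userinfo-present")
        if "." in unquote(parts.username):
            # A "username" shaped like a domain is there to be read as one.
            flags.append("userinfo-looks-like-hostname")
    if "%" in raw_host:
        flags.append("percent-encoded-host")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass                             # ordinary DNS name
    if port not in (None, 80, 443):
        flags.append("nonstandard-port")
    return {"decoy": parts.username, "host": host, "port": port,
            "path": parts.path, "flags": flags}


if __name__ == "__main__":
    result = analyze_link(SAMPLE)
    print("shown to the reader :", result["decoy"])
    print("actually contacted  :", result["host"], "port", result["port"])
    print("flags               :", ", ".join(result["flags"]))
```

A mail filter could run every link in a message through a check like this and hold anything that carries a userinfo part or an encoded host.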

Comments

Everyone's probably going to get a lot of those in the next few weeks. Stupidly, an article appeared yesterday on the home page of MSN with a news story about an eBay scam artist, and how he did it.

It was supposed to be a scare story, "look out for these people, and see how easy identity theft is?" I'm considering it a step-by-step instructional method on how to scam users. :-)

Of course, thousands of people are now going to try the same thing now that they just learned how to do it!

Jess Stratton, 2003-09-25

Glad to be of help. BTW, after a bit of snooping here's what I have found out about this address. It is a credit card/ID theft harvesting scam. They send you to a fake eBay site and prompt you for credit card info, etc.

Here's a link to the web site for the Ocala County Police Department in Ocala, Florida USA - this site explains a bit more...

http://www.ocalasmostwanted.com/ebay_scam.htm

Hope this helps. And BTW, they call me Rocky for many, many reasons (insert your favorite slam here).

Rock

Rock, 2003-09-25

Hi Volker,

you should get in contact with eBay in Germany.

Phil, 2003-09-25

Some days ago I received a similar mail, but with a faked link and logo for PayPal. It pointed to an IP range in Korea.
I hope that Korean prisons are dirty and cold, well equipped with cockroaches and rats.

Rainer, 2003-09-25

I received the same exact spam in the US.

talatta, 2003-09-25

I got this the other day too. Easily identified (a) the subject matter (b) the image link, as you point out and (c) sent to an address that has nothing to do with any address I have logged with eBay. I've warned all the eBayers I know...

It's a nasty scam alright, and no doubt one of the first of many. My online bank is already warning users on the front page that they don't send these kinds of mails. I'd venture to add that it would be good if eBay did the same.

Ben Poole, 2003-09-25

good detective work! thanks!

hi volker,

there was an article on heise.de some time ago...

http://www.heise.de/newsticker/data/dab-08.09.03-002/

toby, 2003-09-26

Volker,
see
>http://www.heise.de/newsticker/data/dab-08.09.03-002/


Btw: In R6, no programming is required, simply use the @URLDecode(...) part in computed text.

In R5 which doesn't know @URLDecode yet, you can use the JavaScript from this page (which does online encoding/decoding as well) or use LotusScript:

> http://www.albionresearch.com/misc/urlencode.htm

That was just for the records, I guess.

Wolfgang Flamme, 2003-09-26

Wolfgang is right. Good catch, Wolfgang :)

And thanks for the page that does the encode/decode - that could come in handy someday.

Rock, 2003-09-26

... and the story goes on: today 02.10.03 I received the same message from this mail address: user-support1@ebay.com. As described above the mail was a picture and I have an account on ebay.de. So eBay users in Germany should be very careful now!

Michael, 2003-10-02
