Please login or register.

Login with username, password and session length
gfx gfx
76781 Posts in 13501 Topics by 1651 Members - Latest Member: Arnold99 July 17, 2024, 03:44:19 pm
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  A Phishermans Tale

Author Topic: A Phishermans Tale  (Read 1710 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
A Phishermans Tale
« on: November 25, 2014, 12:15:21 pm »

What's the biggest problem holding back the development of online commerce? Surely it is the fact that fraud continues to undermine confidence. Online fraud, often conducted via phishing emails, seems to be on the rise - and in the last month or so I've had personal experience of how sophisticated the fraudsters can be.

The latest example involved eBay, which has been fighting a long and only partially successful campaign against fraudsters who have damaged the reputation of the auction site as a safe place to do business. For several years now I have been running an annual auction of gadgets in aid of the BBC's Children in Need appeal.

The gadgets are review units supplied by some of the big names in tech, and they fetch some good prices. This year one of the products was the new Blackberry Passport smartphone, and I was delighted to see that, after an intense bidding battle, it went for £410.

Then the winner contacted me to ask for my PayPal details and some further photos of the item. This seemed mildly curious - other winners just clicked and paid - so I had a closer look at the buyer.

He was called Tommy, gave an address in London which I couldn't find on a map and had only joined eBay the day before making the bid. I sent him a message requesting payment but also forwarded his message to eBay to see if there were grounds for concern.

To its credit, the auction site immediately advised me to hold off sending the item, even if paid, because the buyer did indeed look suspicious. Then overnight came a flurry of messages, from Tommy himself and from PayPal. "Dear Rory Cellan-Jones," said one of the PayPal messages, "You've received a payment of £485.00 GBP…"

Tommy had emailed to explain that he had added £75 to the bill to cover the cost of posting the item "to my Nephew in Nigeria cos will be going there to visit him due to family reasons".

Meanwhile, another email arrived from eBay warning me that the auction had been cancelled because Tommy's account no longer existed and he was a "suspicious buyer".

Now that was already obvious to me, but if he had not wanted the item posted to Nigeria I might have been taken in by the very convincing emails from Paypal - which on closer examination turned out to come from a dodgy address ending

I decided to contact Tommy, and asked him to send me a phone number so that I could "just sort out a few details" before sending the item. I eventually got through and at first, when I suggested to him that the PayPal emails were fake, and he was probably a fraudster he insisted that was a lie. But when I pointed out that the London address he had first given did not exist he put the phone down.

Tommy's scam - buying items on eBay and then convincing sellers that he has paid for them - may work some of the time. But only if the sellers do not examine those PayPal emails quite carefully enough.

And there are plenty of similar scams depending on very convincing faked emails. Just last month, my elderly father received an email from Amazon telling him his account had been accessed from Romania, and if that was not him he would need to download some software and then change his password.

At about the same time, my wife got a message from Apple warning her that her Apple ID had been frozen "as a protective measure to safeguard your iCloud Account from unauthorised access." This time there was a link to click to "certify" her account.

Neither of them fell for these ruses which would have led to identity theft and perhaps to malware being installed on their computers. But my father was only saved, because he found the instructions in the email too complex to follow.

Recent figures from the National Fraud Intelligence Bureau showed that £670 million was lost to online fraud over the last year. But that was almost certainly an underestimate as surveys also showed that only a minority of victims end up reporting frauds to the police.

We all need to be aware of the dangers from phishing emails, but some of the advice is confusing, Never click on a link in an email, we are told - but every month I get a bill from my broadband provider with a link to click on. And should our email programs not be better at spotting phishing messages by now, by cross checking addresses with those of known senders? Perhaps everyone, from online shoppers to the big web businesses and the law enforcement agencies, needs to up their game in the battle against the fraudsters.

Keep your eyes open.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: A Phishermans Tale
« Reply #1 on: November 25, 2014, 08:19:09 pm »
I had a guy try this with me but of course I was suspicious as soon as he mentioned sending it to Nigeria when his account showed he was supposed to be in Germany, to add a twist to this story I did a bit of digging and noticed the chaps EBay account had been dormant for a long time until very recently and thus I suspected the account was a hijacked one,
We received the fake Paypal invoice and noticed the fake address and thus my suspicions where confirmed, I notified EBay who closed the account agreeing with me that this was not a genuine user.

 I believe the following method is employed to gain valid user credentials for old eBay accounts,  I'm not sure what goes on in other countries but in the UK we dump a lot of old computers and they end up being separated out at the local disposal centre and sold at auctions to many folks who ship them abroad to Africa as they are a cheap source of computer equipment, whats not taken very seriously is wiping or removing the hard disk drives and so many folks allow those in Nigeria and other places to steal the user data and passwords directly off their old machines and will end up scratching their heads as to the causes of such financial carnage, golden rule if you really don't want that old machine employ a decent hammer on the drives unless you have something else to reuse them in. 

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: A Phishermans Tale
« Reply #2 on: November 28, 2014, 10:03:35 pm »
In early 2013 I was buying a CPU on ebay. Seller was in Greece listing it for a good price, about half retail and it was used so it wasn't suspicious. I paid him through ebay using paypal like normal and he kept telling me he was going to post the item but he never did. On the 5th day of waiting for him to post it he refunded me the money and told me to pay him through another PayPal account because of some "mixup".

Well if I did that I would lose my buyer protection with ebay so I cancelled. I reported him to ebay and they closed his account as he was scamming multiple people on there the same way. He would refund you the money to both give you confidence he was trustworthy and negate the ebay sale and then once you transferred the money to this other account you would lose buyer protection and he would take the money and run.

These fraudsters are annoying. Glad I never fell for it. I later got the CPU I wanted on ebay for the same price but from a local UK seller instead.

Re: A Phishermans Tale
« Reply #3 on: November 28, 2014, 10:55:42 pm »
Most of the stuff i get from ebay I choose local so i can pick it up. Otherwise they need to have a few hundred sales and decent feedback before I'll bid.

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  A Phishermans Tale

©2005-2024 All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.023 seconds with 23 queries.
Helios Multi © Bloc
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!