Geek Culture / Careful with new eBay exploit...

Author
Message
DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 6th Sep 2005 01:52
I got this in my spam email box in Yahoo... but some might not even notice it's an exploit alert, so here I'm going to explain what I did...

Finding this in my spam email box, I read the message and decided to have some little fun. I'm going to explain here in steps what this exploit does.

1. It sends you a mail that looks like this (hilarious thing is that I'm not any eBay user, LOL!)


2. When you open it, it shows like this (sorry for the mouse cursor in the "Verify your ID" link).


2. When you click it, it redirects you to ANOTHER non-eBay place, take a look at the address bar at the top


3. I wanted to have some fun, so I tried to fool it placing "asd" in both fields...


4. It worked as expected, new form appeared, so I filled the fields accordingly. The credit card number isn't even a fake one, if you look at the source code of the page you'll notice it has the credit card number validator on there, I just had to experiment with it to figure out some valid number this thing could take, and it worked. I'm not allowing it to be seen here as I don't want to create problems, but to save people from a possible one.


5. Worked as expected, and tells you the info you entered was alright, then if you click "Go To Home Page" it sends you to http://www.ebay.com


...just wanted to contribute something, and alert you people of this thing


http://dbfree.dbspot.com/ <- DB Freebie Archive! Royalty-free media for your games! FREE!
Megaton Cat
21
Years of Service
User Offline
Joined: 24th Aug 2003
Location: Toronto, Canada
Posted: 6th Sep 2005 01:58
Er...are you sure you didn't just give away someone else's credit card by accident...?


The future is here, and I can't afford it.
DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 6th Sep 2005 02:01
Not really, I got angry with the system and found a site that had some numbers that followed the algorithm, but I'm not gonna post it here <_< either way, had to make this thing work, and all the info was a lie. Besides, what card would have 1234 as ID number? XD


UnderLord
21
Years of Service
User Offline
Joined: 2nd Aug 2003
Location:
Posted: 6th Sep 2005 02:02
Uhh megaton even if the card number he did use was real the pin and ident number are 99.99999999% not real or wrong. Peace.

When we talk to god, we're praying. When god talks to us, we're schizophrenic.
Fortune never calls on those that have no balls.
TDP Enterprises
19
Years of Service
User Offline
Joined: 28th Mar 2005
Location: on or in front of my computer
Posted: 6th Sep 2005 05:00
They did a reasonable job with the site design, but the address bar is a dead giveaway.

“A lot of people approach risk as if it’s the enemy when it’s really fortune’s accomplice” - Sting
DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 6th Sep 2005 05:23
They can't even fake it anyways


Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 6th Sep 2005 10:19
It's called a phishing scam. I created a thread about this in the past, and even closed one of the sites down in the process. I believe Raven also started a thread about it.

I'm not looking forward to when they can figure out how to spoof the address bar to use ebay.com

Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 6th Sep 2005 10:39 Edited at: 6th Sep 2005 10:39
Quote: "I'm not looking forward to when they can figure out how to spoof the address bar to use ebay.com"


You're too late, this is already possible. I think it was discovered sometime early last year on how to do it.

The best audio plugin for DarkBASIC Pro!
Plays Ogg Vorbis,MP3,FLAC,uncompressed WAV,AIFF,MOD,S3M,XM,and IT files.
David T
Retired Moderator
22
Years of Service
User Offline
Joined: 27th Aug 2002
Location: England
Posted: 6th Sep 2005 10:50
They did it by putting a special 'invisible' character in the address bar. Can't be done any more, IE7 solves the problem with a new URL parsing tool called CURI.

"A book. If u know something why cant u make a kool game or prog.
come on now. A book. I hate books. book is stupid. I know that I need codes but I dont know the codes"
BatVink
Moderator
21
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 6th Sep 2005 13:14
That is the best looking, most professional Phishing Mail I have seen. The only "weird" bit is the apology at the end.

Personally, I never follow a link in an email, I always go to the login page manually.

Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 6th Sep 2005 13:28
Tracing that server IP leads to Asia. Which is probably not where the author of that site is from, and most likely they'll never find him because if he's smart he'll use proxy servers.

I wouldn't mind knowing how much money that guy made off the scam, even though I'd probably never find out.

spooky
22
Years of Service
User Offline
Joined: 30th Aug 2002
Location: United Kingdom
Posted: 6th Sep 2005 15:32 Edited at: 6th Sep 2005 15:33
To see a clever ebay scam where they popup a floating layer over top of address bar so you think it's ebay, try:

http://218.8.252.73/image/.../

** ABOVE LINK IS ACTUAL SCAM SITE SO DON'T FILL IN YOUR DETAILS THERE!!! **

Only works in IE though as it uses a special hack called a chromeless window, where you open a fullscreen window and resize it.

They try their hardest but surely people are not that stupid to fall for these scams.

Boo!
DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 6th Sep 2005 17:02
That's curious, in Firefox, the "Be sure the Web site address you see above starts with https://signin.ebay.com/" ends up being hilarious xD but in IE... that dude's a damn cheater, even though it didn't work (fake url appeared right BELOW the true one XD)... let's hope IE7 fixes that... -_-


xtom
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Ireland
Posted: 6th Sep 2005 17:05
The sad thing is there are probably many people out there who will get scammed by something like this.

DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 6th Sep 2005 17:06
That's why I'm putting this here... <.< and maybe in my new site :/ gotta spread it around...


Killswitch
22
Years of Service
User Offline
Joined: 2nd Oct 2002
Location: School damnit!! Let me go!! PLEASE!!!
Posted: 6th Sep 2005 18:12
As it happens people are becoming quite aware of phishing scams, seeing as they're becoming so common.

~It's a common mistake to make, the rules of the English langauge do not apply to insanity~
DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 6th Sep 2005 18:16
Maybe because they don't know how to do them right anymore? Either way, it'd be good if that site gets taken down, the sooner the better.


Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 6th Sep 2005 20:48
Have you notified ebay about this?

Your signature has been erased by a mod because it's larger than 600x120...
Hawkeye
21
Years of Service
User Offline
Joined: 19th Sep 2003
Location: SC, USA
Posted: 6th Sep 2005 21:09 Edited at: 6th Sep 2005 21:13
Hmmm, that has to be the most pro looking phishing scam I've ever seen.. it had me going until I saw the url of the location. The only thing that sparked alarm bells in my head was the strange formatting of the email, generally people put more line breaks in such emails.

Final analysis: I wouldn't fall for it, but my parents would in a heartbeat

edit: ah never mind, I just noticed all the nasty exclamation points in the address. Only teh evil h4x0rz lot would use triple exclamation points like that !!!

Neofish
20
Years of Service
User Offline
Joined: 7th Apr 2004
Location: A swimming pool of coke
Posted: 6th Sep 2005 21:13
I didn't think the " !!!" at the end of the subject was very professional

RegenProZ
19
Years of Service
User Offline
Joined: 20th Aug 2005
Location:
Posted: 7th Sep 2005 10:23
Ebay will never email you, asking you to click on a link, that asks for any of your information, especially Credit Card.

Take their I.P, Trace it, and report it.

"Why do people depend on each other? In the end you're on your own." - Squall
Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 7th Sep 2005 10:59
I always get a lot of phishing scams titled "eBay TKO Notice" or something similar in my email, but they always get deleted instantly after I see them.

Where did the hackers get the "TKO" from? eBay has never sent me a real email with the letters TKO in it, nor have I heard about it from someone else.

DARKGuy
20
Years of Service
User Offline
Joined: 28th Nov 2003
Location:
Posted: 7th Sep 2005 11:27
"TKO"? that's some strange... "word" there :/

Anyways, he's reported, yay.
Torrey
20
Years of Service
User Offline
Joined: 20th Aug 2004
Location: New Jersey
Posted: 7th Sep 2005 12:02
Another interesting note, if you notice in the initial URL in that screen shot there is the word "gotovo"; this is the Russian word for "ready".

My family is Croatian, the word they use for "ready" is "gotov". One letter difference between the two, but I can bet the guy is of Slavic origin.
