I don't do much with ebay, buying or selling, and I don't have any kind
of monetary account with them.
Every week, I'd guess I average 60 scams about my PayPal or Ebay
accounts being screwed up. I don't have accounts with either, of
course.
It is relentless, and, for whatever reason, AOL's spam filters don't
catch them.
I'm basically just curious as to whether or not ebay itself has any
kind of active program against this sort of activity. It sure isn't
effective, if they do.
It's getting worse. I'm not usre if you're familiar with craigslist but
here in the SF bay area and other regions around the us it's a very
popular free classifieds site. They now have scammers.
I placed a few pieces on there for sale. Within an hour I recieved 3
responses, all of them scams, all the same scam. They wanted to send me
a money order or cahsiers check and they have their own shipper. It
seemed suspicious so I check around for fraud alerts and there it was.
In fact one of the samples was verbatim to one of the emails I
recieved. The basics are that they send you a cashiers check or money
order that you bank will accept but will later reject once they find
its fake. By that time you have already shipped the product.
In an added twist, they sometimes claim they have a "client" that is
willing to pay more than you are asking. In order to expidite, they
have the client send you the cashiers chek or money order directly and
ask you to send them the difference.
Swingman wrote:
> "Charlie Self" wrote in message
>
> > I'm basically just curious as to whether or not ebay itself has any
> > kind of active program against this sort of activity. It sure isn't
> > effective, if they do.
>
> Since it's third parties who are doing the spamming/phishing, eBay has no
> control whatsoever over it.
>
> Just imagine, if you will, what it's like if you run a mail server or two
> ... all this crap goes to _every_ e-mail address on the servers. It's past
> the point where a small company can afford the bandwidth/cpu cycles to keep
> up with it.
>
> Another interesting thing is to take a look at just one day of a server's
> logs ... there's a war going on that you never hear about, mostly emanating
> from the Pacific Rim/China and the old Eastern Bloc countries.
>
> I'd gladly supply the rope to hang a few of these idiots in the public
> square if you can catch'em.
Seems to me that there should be some kind of internaitonal cooperation
on catching, and punishing, these people. I don't see anyone who is
very bright falling for their cons, but the damned things are super
annoying, almost as annoying as the new variants on the Nigerian scam.
John Emmons wrote:
> They have a "spoof" team that allegedly checks into each and every one of
> those "your account may have been compromised" type of scams. Send any
> suspect emails to them. Can't hurt I suppose.
>
> I don't see how they can really do all that much, they can't control every
> ISP in the world. Unless and until the ISP's figure out some way to go after
> their users for attempted fraud, I don't see any real solutions. It's
> already against the law so more laws won't solve it. Perhaps life
> imprisonment for internet fraud would do the trick.
>
Better to give them a choice. Duct tape their gonads to the parapet on
a 10 story building, then hang them over the parapet wall. Their choice
as to what they do. Pull the tape or hang their in agony forever.
Puts new meaning into the phrase, "How they hanging?"
Doug Miller wrote:
> In article <[email protected]>, "Charlie Self" <[email protected]> wrote:
>
> >I'm basically just curious as to whether or not ebay itself has any
> >kind of active program against this sort of activity. It sure isn't
> >effective, if they do.
>
> Well, let's see... the spams are being sent by people with no connection to
> eBay, from servers that don't belong to eBay... what on earth do you suppose
> eBay could be doing to stop it?
>
Dunno. There were some reports about follow-ups and prosecutions some
time ago, but those petered out. Nothing since and the amount of crap
has risen. Seems like ebay has taken on the con status of E. Podunk
Third National Bank for a "Your account is going to be closed out if
you don't send us all your info immediately" subjects. I'd be curious
to know if they've even checked to see if there is anything they can do.
In article <[email protected]>,
Lee Michaels <[email protected]> wrote:
>I don't spend any time reading spam. But in the little time it takes me to
>delete the crap, I can often spot grammar errors in just the first sentence
>or two. English is obviously not their first language.
>
Actually, many of the grammar/spelling errors are _deliberate_. So that
the 'erroneous' construct will not match the patterns used by tools that
block traffic based on the 'correct' words/phrases.
In article <[email protected]>,
Charlie Self <[email protected]> wrote:
>
>
>Doug Miller wrote:
>> In article <[email protected]>,
>"Charlie Self" <[email protected]> wrote:
>>
>> >I'm basically just curious as to whether or not ebay itself has any
>> >kind of active program against this sort of activity. It sure isn't
>> >effective, if they do.
>>
>> Well, let's see... the spams are being sent by people with no connection to
>> eBay, from servers that don't belong to eBay... what on earth do you suppose
>> eBay could be doing to stop it?
>>
>
>Dunno. There were some reports about follow-ups and prosecutions some
>time ago, but those petered out. Nothing since and the amount of crap
>has risen. Seems like ebay has taken on the con status of E. Podunk
>Third National Bank for a "Your account is going to be closed out if
>you don't send us all your info immediately" subjects. I'd be curious
>to know if they've even checked to see if there is anything they can do.
>
There are the following issues with regard to _any_ "phishing" scam:
1) identifying the perpetrator(s)
2) figuring out what legal jurisdiction(s) they are in
3) figuring out what, IF ANY, _crime_, the 'misrepresented solicitation' is
in *THAT* jurisdiction. (national? provincial? municipal?)
4) figuring out what language the authorities there speak, to report the
criminal act.
5) figuring out who to file the criminal complaint with.
6) figuring out how to get _them _to_ prosecute.
Similar issues apply with regard to getting the web-site knocked down, when
*it* is off-shore. unless eBay is registered to do business in _that_
jurisdiction, they can't even claim trademark protection *there*.
Even in the U.S. I'm not sure what crime it is, **IF ANY**, to trick somebody
into revealing 'sensitive' account information. To -use- that information
once you have it is definitely a crime -- any of several sorts, depending on
the use to which that information was put.
This leaves trademark misrepresentation and/or 'dilution of trademark' as
possible avenues.
In article <[email protected]>,
Lee Michaels <[email protected]> wrote:
>
>"Robert Bonomi" <[email protected]> wrote in message
>news:[email protected]...
>> In article <[email protected]>,
>> Lee Michaels <[email protected]> wrote:
>>>I don't spend any time reading spam. But in the little time it takes me to
>>>delete the crap, I can often spot grammar errors in just the first
>>>sentence
>>>or two. English is obviously not their first language.
>>>
>>
>> Actually, many of the grammar/spelling errors are _deliberate_. So that
>> the 'erroneous' construct will not match the patterns used by tools that
>> block traffic based on the 'correct' words/phrases.
>>
>
>While we are on this topic, any recommendations for a spam filter? I have
>been using spam sleuth up till last week when it mysteriously stopped
>working. I have been unable to raise any kind of help from the company
>either.
Answers for that depend on the platform. And whether you have control of
the mailserver, or can only do 'filtering' when you read your inbox.
Good freeware tools include "MIMEdefang", and Spamassassin". You may hae
to rummage for a while to find an implementation varient that fits your
platform and method of use.
Google is your friend.
In article <[email protected]>,
Woodchuck Bill <[email protected]> wrote:
>[email protected] (Robert Bonomi) wrote in
>news:[email protected]:
>
>> Even in the U.S. I'm not sure what crime it is, **IF ANY**, to
>> trick somebody into revealing 'sensitive' account information.
>
>Isn't unsolicited, commercial spam e-mail considered a crime in some
>jurisdictions now?
for 'unsolicited, commercial spam e-mail',_in_and_of_itself_, the answer
is "No". It may be an actionable 'civil tort', however.
Sending email _can_ be a criminal offense, if there are specific
characteristics of that message that meet other specifictions in law.
>> To
>> -use- that information once you have it is definitely a crime --
>> any of several sorts, depending on the use to which that
>> information was put.
>
>Yeah, but by that time the crooks can be in the clear...leaving only a
>very blurry, multi-offshore-jurisdiction trail behind.
Yuppers. tracing back to the perps _is_ a problem.
In article <[email protected]>,
Lee Gordon <[email protected]> wrote:
><<Even in the U.S. I'm not sure what crime it is, **IF ANY**, to trick
>somebody
>into revealing 'sensitive' account information. To -use- that information
>once you have it is definitely a crime -- any of several sorts, depending on
>the use to which that information was put.>>
>
>Sure sounds like fraud to me.
"Fraud", 'bunco', etc. almost invariably require that the victim have
had something "taken" from them -- something that they thereby _no_longer_
_have_the_use_of_. "
Information theft -- where material is 'merely' "copied" -- is a "different
kettle of fish".
*IF* the information is provided 'voluntarily', it's hard to argue that it
was 'stolen'.
"Deception" to cause someone to disclose information, is relatively uncharted
waters.
In article <[email protected]>,
Swingman <[email protected]> wrote:
>"Robert Bonomi" wrote in message
>
>> "Fraud", 'bunco', etc. almost invariably require that the victim have
>> had something "taken" from them -- something that they thereby _no_longer_
>> _have_the_use_of_. "
>
>Howdy Robert,
>
>What about "theft of services" ... as in unauthorized use of bandwidth and
>cpu cycles needed to process the spam that are subsequently no longer
>available to your customers?
Wishful thinking, I'm afraid.
In general, law holds out that if you make a service/facility available to
the 'world at large', you have to give 'actual notice' to the specific party
that you wish to prohibit from using tat service/facility. "Notice by
publication" is _not_ sufficient -- you have to be able to show that they
actually *read* that notice, and ignored it.
Similar issue/problem with a civil suit for the common-law tort of 'trespass
to chattel' -- which *has* been used successfully against spammers.
>Having to increase and pay for additional, and expensive, bandwidth due to
>the increased volume of spam is most definitely a financial burden for
>smaller companies and has the same bottom line result as outright theft.
>DAMHIKT
Yes, the _effect_ is virtually indistinguishable. Unfortunately the law
does not regard the 'cause' as equivalent.
In article <[email protected]>,
SonomaProducts.com <[email protected]> wrote:
> I placed a few pieces on there for sale. Within an hour I recieved 3
> responses, all of them scams, all the same scam. They wanted to send me
> a money order or cahsiers check and they have their own shipper. It
> seemed suspicious so I check around for fraud alerts and there it was.
> In fact one of the samples was verbatim to one of the emails I
> recieved. The basics are that they send you a cashiers check or money
> order that you bank will accept but will later reject once they find
> its fake. By that time you have already shipped the product.
Check out <http://www.scamorama.com/>
The only reason these thieves are out there is that people are more
greedy than they are smart.
djb
--
~ Stay Calm... Be Brave... Wait for the Signs ~
------------------------------------------------------
One site: <http://www.balderstone.ca>
The other site, with ww links<http://www.woodenwabbits.com>
Charlie Self wrote:
>
> Swingman wrote:
>
>>"Charlie Self" wrote in message
>>
>>
>>>I'm basically just curious as to whether or not ebay itself has any
>>>kind of active program against this sort of activity. It sure isn't
>>>effective, if they do.
>>
>>Since it's third parties who are doing the spamming/phishing, eBay has no
>>control whatsoever over it.
>>
>>Just imagine, if you will, what it's like if you run a mail server or two
>>... all this crap goes to _every_ e-mail address on the servers. It's past
>>the point where a small company can afford the bandwidth/cpu cycles to keep
>>up with it.
>>
>>Another interesting thing is to take a look at just one day of a server's
>>logs ... there's a war going on that you never hear about, mostly emanating
>>from the Pacific Rim/China and the old Eastern Bloc countries.
>>
>>I'd gladly supply the rope to hang a few of these idiots in the public
>>square if you can catch'em.
>
>
> Seems to me that there should be some kind of internaitonal cooperation
> on catching, and punishing, these people. I don't see anyone who is
> very bright falling for their cons, but the damned things are super
> annoying, almost as annoying as the new variants on the Nigerian scam.
>
Best idea I've seen is a law that penalizes the spammers $1.00 for each
offense. That means for each contact: send a million, spend a million.
Of course we need some leverage with ISPs to uncover them.
Bob
On Thu, 14 Jul 2005 11:24:22 -0500, Swingman <[email protected]> wrote:
> "Charlie Self" wrote in message
>
>> I'm basically just curious as to whether or not ebay itself has any
>> kind of active program against this sort of activity. It sure isn't
>> effective, if they do.
>
> Since it's third parties who are doing the spamming/phishing, eBay has no
> control whatsoever over it.
Right. They can do what's called "whack-a-mole" and react to each one,
or they can try to educate their customers that they'll never send mail
to verify accounts.
> Just imagine, if you will, what it's like if you run a mail server or two
> ... all this crap goes to _every_ e-mail address on the servers. It's past
> the point where a small company can afford the bandwidth/cpu cycles to keep
> up with it.
Well, they can always hire a consultant to set up spamassassin and or
RBL checking for them...
> Another interesting thing is to take a look at just one day of a server's
> logs ... there's a war going on that you never hear about, mostly emanating
> from the Pacific Rim/China and the old Eastern Bloc countries.
I block entire continents these days, for that reason.
> I'd gladly supply the rope to hang a few of these idiots in the public
> square if you can catch'em.
I'll supply the marksmanship and ammunition. Standing/unlimited offer.
On Thu, 14 Jul 2005 13:51:43 -0400, Lee Michaels <[email protected]> wrote:
>
> While we are on this topic, any recommendations for a spam filter? I have
> been using spam sleuth up till last week when it mysteriously stopped
> working. I have been unable to raise any kind of help from the company
> either.
I subscribe to spamcop.net for 30 bucks a year, they block 98 or 99% of
the crap that would normally get to me. Another approach is to have a
whitelist set up - zaep from rhinosoft.com is great, if you have windows
and an always-on network connection. Once you (or they) whitelist a
sender, their mail comes right through; new ones need to be approved by
either you or, if you want, them. Unless your friends turn into
spammers, that should block 100% of it.
Swingman wrote:
>
> "Robert Bonomi" wrote in message
>
> > "Fraud", 'bunco', etc. almost invariably require that the victim have
> > had something "taken" from them -- something that they thereby _no_longer_
> > _have_the_use_of_. "
>
> Howdy Robert,
>
> What about "theft of services" ... as in unauthorized use of bandwidth and
> cpu cycles needed to process the spam that are subsequently no longer
> available to your customers?
>
> Having to increase and pay for additional, and expensive, bandwidth due to
> the increased volume of spam is most definitely a financial burden for
> smaller companies and has the same bottom line result as outright theft.
...
Yes, it's real but impossible to prosecute successfully... :(
Many of those phishing emails look convincingly real. However, one dead
giveaway, as you pointed out, is when they threaten to cancel an account you
never actually had. To avoid having my real email address read by crawlers
and bots and added to a million spammers' lists, I have for years been using
the fake e-mail address shown in the header of this message. It was only in
the last month or so that I actually created a real account using that
address just to see how much unsolicited crap would start coming my way.
The day I activated the address I got about a dozen pieces of garbage
e-mail, 8 of which were bogus eBay and PayPal notices.
A while back I did forward one or two of these phishing emails to
[email protected] or [email protected] and I started getting deluged with
(legitimate) confirmations for each one I sent them. I got 1 or 2 a day for
about a week, so I finally stopped forwarding the crap to the spoof police.
Lee
--
To e-mail, replace "bucketofspam" with "dleegordon"
On Thu, 14 Jul 2005 13:18:21 -0500, Duane Bozarth
<[email protected]> wrote:
>Edwin Pawlowski wrote:
>>
>...re phishing...
>
>> ... They do look legitimate
>
>I can't conceive to whom in the world they could possibly "look
>legitimate".
>
>I am absolutely amazed that <anyone>, <anywhere>, <ever> responded to
>any of this... :(
I know a woman, a loan officer at a mortgage company, no less, who did
just that. blew me away.
<<Even in the U.S. I'm not sure what crime it is, **IF ANY**, to trick
somebody
into revealing 'sensitive' account information. To -use- that information
once you have it is definitely a crime -- any of several sorts, depending on
the use to which that information was put.>>
Sure sounds like fraud to me.
Lee
--
To e-mail, replace "bucketofspam" with "dleegordon"
<<Actually, many of the grammar/spelling errors are _deliberate_. So that
the 'erroneous' construct will not match the patterns used by tools that
block traffic based on the 'correct' words/phrases.>>
I seem to get dozens of emails every week informing me that the mortgage
application they imply I have filed with them has now been approved and
asking me what I'm waiting for. I am so sorely tempted to reply to them
(but of course I'm not going to) that because their email to me is so
sloppy -- littered with spelling and typographical errors -- I feel I can't
trust them to properly attend to the details of my finances so I will be
taking my business elsewhere <g>
Lee.
--
To e-mail, replace "bucketofspam" with "dleegordon"
<<I can't conceive to whom in the world they could possibly "look
legitimate".>>
Some of them look amazingly convincing -- right down to the part where they
include the actual links to fraud reporting departments of the entities they
are spoofing.
Lee
--
To e-mail, replace "bucketofspam" with "dleegordon"
"John Emmons" <[email protected]> wrote in message
news:[email protected]...
> What I don't understand is why anyone would ship something before a
> "certified" check actually clears? I don't mean after it's been deposited,
> I
> mean after it clears and the actual money is in your account. Or else
> simply
> call the issuing bank and confirm the authenticity of the check and the
> funds.
A lot of people think that a certified or cashier's check is like gold and
is going to clear. The will if they are not counterfiet.
>
> The "I'll pay you more than the asking price if you'll send me back the
> extra money" is my favorite.
Do you have change of a $40 bill? Just give me three tens and wi'll call it
even. Greed is a wonderful motivator.
Charlie Self wrote:
> I don't do much with ebay, buying or selling, and I don't have any kind=
> of monetary account with them.
>=20
> Every week, I'd guess I average 60 scams about my PayPal or Ebay
> accounts being screwed up. I don't have accounts with either, of
> course.
>=20
> It is relentless, and, for whatever reason, AOL's spam filters don't
> catch them.
>=20
> I'm basically just curious as to whether or not ebay itself has any
> kind of active program against this sort of activity. It sure isn't
> effective, if they do.
>=20
Look for the "Busted up Cowgirl" Link a little way down the page.
http://pmccl.com/security/security.html
The world's funniest description of e-Bay scammers and the 419 scam...
--=20
Will R.
Jewel Boxes and Wood Art
http://woodwork.pmccl.com
The power of accurate observation is commonly called cynicism by those=20
who have not got it.=94 George Bernard Shaw
"Duane Bozarth" <[email protected]> wrote in message
news:[email protected]...
> Edwin Pawlowski wrote:
>>
> ...re phishing...
>
>> ... They do look legitimate
>
> I can't conceive to whom in the world they could possibly "look
> legitimate".
>
> I am absolutely amazed that <anyone>, <anywhere>, <ever> responded to
> any of this... :(
Millions of unsuspecting people out there. If you go to the web page they
link you to, the logos and text are generally stolen from the real web page.
Just because people own a computer it does not make them smarter than the
ones that fall for the mail scams in official looking envelopes.
They have a "spoof" team that allegedly checks into each and every one of
those "your account may have been compromised" type of scams. Send any
suspect emails to them. Can't hurt I suppose.
I don't see how they can really do all that much, they can't control every
ISP in the world. Unless and until the ISP's figure out some way to go after
their users for attempted fraud, I don't see any real solutions. It's
already against the law so more laws won't solve it. Perhaps life
imprisonment for internet fraud would do the trick.
I've had some fun with some of the con artists by stringing them along but
all that does is show them where they made their mistakes. Their was at
least one fairly well know account of a guy who scammed one of the scammers
pretty well and I remember reading an account by a news reporter where he
tried to turn the tables on one of the "Nigerian" scam artists and then get
the guy to talk to him about it for the story.
There was also a piece on NPR about actions being taken by Nigerian
officials to try and stop the scams coming out of their country, during the
report one of the officials got a scam email...
John Emmons
"Charlie Self" <[email protected]> wrote in message
news:[email protected]...
> I don't do much with ebay, buying or selling, and I don't have any kind
> of monetary account with them.
>
> Every week, I'd guess I average 60 scams about my PayPal or Ebay
> accounts being screwed up. I don't have accounts with either, of
> course.
>
> It is relentless, and, for whatever reason, AOL's spam filters don't
> catch them.
>
> I'm basically just curious as to whether or not ebay itself has any
> kind of active program against this sort of activity. It sure isn't
> effective, if they do.
>
On 7/14/2005 1:41 PM Charlie Self mumbled something about the following:
>
> Swingman wrote:
>
>>"Charlie Self" wrote in message
>>
>>
>>>I'm basically just curious as to whether or not ebay itself has any
>>>kind of active program against this sort of activity. It sure isn't
>>>effective, if they do.
>>
>>Since it's third parties who are doing the spamming/phishing, eBay has no
>>control whatsoever over it.
>>
>>Just imagine, if you will, what it's like if you run a mail server or two
>>... all this crap goes to _every_ e-mail address on the servers. It's past
>>the point where a small company can afford the bandwidth/cpu cycles to keep
>>up with it.
>>
>>Another interesting thing is to take a look at just one day of a server's
>>logs ... there's a war going on that you never hear about, mostly emanating
>>from the Pacific Rim/China and the old Eastern Bloc countries.
>>
>>I'd gladly supply the rope to hang a few of these idiots in the public
>>square if you can catch'em.
>
>
> Seems to me that there should be some kind of internaitonal cooperation
> on catching, and punishing, these people. I don't see anyone who is
> very bright falling for their cons, but the damned things are super
> annoying, almost as annoying as the new variants on the Nigerian scam.
>
Ebay and Paypal (who is owned by Ebay) have a team that investigates
these fraudulent sites, but only if they're alerted to them. Since very
few people forward these emails to Ebay and Paypal, they are unaware
that a new fraud site has shown up. When you get one of these, forward
the email, headers and all to [email protected]
--
Odinn
RCOS #7
SENS(less)
SLUG
"The more I study religions the more I am convinced that man never
worshipped anything but himself." -- Sir Richard Francis Burton
Reeky's unofficial homepage ... http://www.reeky.org
'03 FLHTI ........... http://www.sloanclan.org/gallery/ElectraGlide
'97 VN1500D ......... http://www.sloanclan.org/gallery/VulcanClassic
Atlanta Biker Net ... http://www.atlantabiker.net
Vulcan Riders Assoc . http://www.vulcanriders.org
rot13 [email protected] to reply
SonomaProducts.com Wrote:
> It's getting worse. I'm not usre if you're familiar with craigslist but
> here in the SF bay area and other regions around the us it's a very
> popular free classifieds site. They now have scammers.
>
> I placed a few pieces on there for sale. Within an hour I recieved 3
> responses, all of them scams, all the same scam. They wanted to send
> me
> a money order or cahsiers check and they have their own shipper. It
> seemed suspicious so I check around for fraud alerts and there it was.
> In fact one of the samples was verbatim to one of the emails I
> recieved. The basics are that they send you a cashiers check or money
> order that you bank will accept but will later reject once they find
> its fake. By that time you have already shipped the product.
>
> In an added twist, they sometimes claim they have a "client" that is
> willing to pay more than you are asking. In order to expidite, they
> have the client send you the cashiers chek or money order directly and
> ask you to send them the difference.
This very thing happened to my wife and me. I got a really wierd vibe
from the potential buyer and told him I didn't want to sell the him our
brand new $1200.00 Asko washing machine. He literally flipped out on me
on the phone. I just thought I crossed paths with a damaged soul but
the above quote is identicle to what we experienced on Craigslist. We
have sold many things on Craigslist before with no problem, I guess as
with everything else in life you just need to really pay attention to
that little voice within.
--
Matisse
Gary wrote:
>
> NEVER, NEVER, NEVER...click on a link within an email thinking you're going
> to a legitimate log in screen. Always, close the email and log in on the
> secure webpage as you normally do.
I just wanted to reinforce what Gary wrote. I'm a computer programmer
in my day job. The emails these "phishers" send out often encourage
you to click a link to log in to ebay or PayPal or whatever, and the
link actually says "http://www.ebay.com/login" or something like that.
In HTML, you can have the text of a link say anything you want, but
the actual target of that link is something entirely different. So
while the link says http://www.ebay.com/login, the actual target is
http://user32.hypernet.ru/boris119/ebayscam/ or something.
Worse yet, there was a bug in Internet Explorer last year that let a
knowledgeable hacker exploit the browser so that the address bar at
the top of the page would actually say whatever they wanted, even
though the page was actually being displayed from a completely
different location! So if you clicked on a link in these phishers'
emails, your browser would go to a page that looked just like eBay's
login page, and the location bar of your browser would actually
say "www.ebay.com/login", but the page is actually coming from a
completely different location.
Be careful out there. Trust no one when it comes to your money.
Type in the address yourself, or use your bookmarks. Never trust
links in emails, even if they appear to be from trustworthy sources.
Kevin.
"Charlie Self" <[email protected]> wrote in message
>
> It is relentless, and, for whatever reason, AOL's spam filters don't
> catch them.
>
> I'm basically just curious as to whether or not ebay itself has any
> kind of active program against this sort of activity. It sure isn't
> effective, if they do.
Phishing is what it is called.
Not just those two, but Citi Bank, People's Bank, and a few others. Most are
caught in the SBC/Yahoo filters, but some get through. They do look
legitimate
I like the line "do not try to access your account for 48 hours until our
update is complete"
What I don't understand is why anyone would ship something before a
"certified" check actually clears? I don't mean after it's been deposited, I
mean after it clears and the actual money is in your account. Or else simply
call the issuing bank and confirm the authenticity of the check and the
funds.
The "I'll pay you more than the asking price if you'll send me back the
extra money" is my favorite.
I used that one myself on a guy who tried to scam me on a video camera I
wanted to buy. After confirming with several sources that he was scamming me
I offered to pay him twice what he wanted for the camera if he'd send me the
balance in cash...never heard back from him again...strange that.
John Emmons
"SonomaProducts.com" <[email protected]> wrote in message
news:[email protected]...
> It's getting worse. I'm not usre if you're familiar with craigslist but
> here in the SF bay area and other regions around the us it's a very
> popular free classifieds site. They now have scammers.
>
> I placed a few pieces on there for sale. Within an hour I recieved 3
> responses, all of them scams, all the same scam. They wanted to send me
> a money order or cahsiers check and they have their own shipper. It
> seemed suspicious so I check around for fraud alerts and there it was.
> In fact one of the samples was verbatim to one of the emails I
> recieved. The basics are that they send you a cashiers check or money
> order that you bank will accept but will later reject once they find
> its fake. By that time you have already shipped the product.
>
> In an added twist, they sometimes claim they have a "client" that is
> willing to pay more than you are asking. In order to expidite, they
> have the client send you the cashiers chek or money order directly and
> ask you to send them the difference.
>
on 7/14/2005 11:00 AM Charlie Self said the following:
> I don't do much with ebay, buying or selling, and I don't have any kind
> of monetary account with them.
>
> Every week, I'd guess I average 60 scams about my PayPal or Ebay
> accounts being screwed up. I don't have accounts with either, of
> course.
>
> It is relentless, and, for whatever reason, AOL's spam filters don't
> catch them.
>
> I'm basically just curious as to whether or not ebay itself has any
> kind of active program against this sort of activity. It sure isn't
> effective, if they do.
It's pretty hard for Ebay/PayPal to do much of anything other than warn
their users of the fraud. That's why we (who use Ebay and PayPal)
constant reminders that they will never contact us asking for
information, etc. YOU, the customer, has to initiate the contact.
These scams, otherwise known as "phishing" are getting quite
sophisticated in some respects, yet childish, in others. While the
graphics and fake websites look like the real deal, the language
employed can be pretty funny. If you received one of these this
morning, as I did, you know what I'm talking about.
AOL's spam filters, Thunderbird's spam filters, and most others seem to
miss this stuff and so I just keep hitting delete after looking to see
what these idiots have come up with THIS time<g>
When you take the time to trace these things back to their point of
origin, typically it's off-shore in some third world hell hole or the
former USSR (same difference, I guess) or they dead-end at some
anonymizer, again, off shore.
"Charlie Self" <[email protected]> wrote in
news:[email protected]:
>
>
> John Emmons wrote:
>> They have a "spoof" team that allegedly checks into each and
>> every one of those "your account may have been compromised" type
>> of scams. Send any suspect emails to them. Can't hurt I suppose.
>>
>> I don't see how they can really do all that much, they can't
>> control every ISP in the world. Unless and until the ISP's figure
>> out some way to go after their users for attempted fraud, I don't
>> see any real solutions. It's already against the law so more laws
>> won't solve it. Perhaps life imprisonment for internet fraud
>> would do the trick.
>>
>
> Better to give them a choice. Duct tape their gonads to the
> parapet on a 10 story building, then hang them over the parapet
> wall. Their choice as to what they do. Pull the tape or hang their
> in agony forever.
Remind me to never get on your bad side, Charlie. ;-)
> Puts new meaning into the phrase, "How they hanging?"
Indeed.
--
Bill
[email protected] (Robert Bonomi) wrote in
news:[email protected]:
> Even in the U.S. I'm not sure what crime it is, **IF ANY**, to
> trick somebody into revealing 'sensitive' account information.
Isn't unsolicited, commercial spam e-mail considered a crime in some
jurisdictions now?
> To
> -use- that information once you have it is definitely a crime --
> any of several sorts, depending on the use to which that
> information was put.
Yeah, but by that time the crooks can be in the clear...leaving only a
very blurry, multi-offshore-jurisdiction trail behind.
--
Bill
Kevin <[email protected]> wrote in
news:[email protected]:
> Gary wrote:
> >
>> NEVER, NEVER, NEVER...click on a link within an email thinking you're
>> going to a legitimate log in screen. Always, close the email and log
>> in on the secure webpage as you normally do.
>
>
> I just wanted to reinforce what Gary wrote. I'm a computer programmer
> in my day job. The emails these "phishers" send out often encourage
> you to click a link to log in to ebay or PayPal or whatever, and the
> link actually says "http://www.ebay.com/login" or something like that.
> In HTML, you can have the text of a link say anything you want, but
> the actual target of that link is something entirely different. So
> while the link says http://www.ebay.com/login, the actual target is
> http://user32.hypernet.ru/boris119/ebayscam/ or something.
>
> Worse yet, there was a bug in Internet Explorer last year that let a
> knowledgeable hacker exploit the browser so that the address bar at
> the top of the page would actually say whatever they wanted, even
> though the page was actually being displayed from a completely
> different location! So if you clicked on a link in these phishers'
> emails, your browser would go to a page that looked just like eBay's
> login page, and the location bar of your browser would actually
> say "www.ebay.com/login", but the page is actually coming from a
> completely different location.
>
> Be careful out there. Trust no one when it comes to your money.
> Type in the address yourself, or use your bookmarks. Never trust
> links in emails, even if they appear to be from trustworthy sources.
>
> Kevin.
>
The version of Firefox running on my machine warns me when the target
url: differs from what the html says. Or at least I think it does. I
get a pop-up box...
Patriarch
"Charlie Self" wrote in message
> I'm basically just curious as to whether or not ebay itself has any
> kind of active program against this sort of activity. It sure isn't
> effective, if they do.
Since it's third parties who are doing the spamming/phishing, eBay has no
control whatsoever over it.
Just imagine, if you will, what it's like if you run a mail server or two
... all this crap goes to _every_ e-mail address on the servers. It's past
the point where a small company can afford the bandwidth/cpu cycles to keep
up with it.
Another interesting thing is to take a look at just one day of a server's
logs ... there's a war going on that you never hear about, mostly emanating
from the Pacific Rim/China and the old Eastern Bloc countries.
I'd gladly supply the rope to hang a few of these idiots in the public
square if you can catch'em.
--
www.e-woodshop.net
Last update: 7/12/05
"Robert Bonomi" wrote in message
> "Fraud", 'bunco', etc. almost invariably require that the victim have
> had something "taken" from them -- something that they thereby _no_longer_
> _have_the_use_of_. "
Howdy Robert,
What about "theft of services" ... as in unauthorized use of bandwidth and
cpu cycles needed to process the spam that are subsequently no longer
available to your customers?
Having to increase and pay for additional, and expensive, bandwidth due to
the increased volume of spam is most definitely a financial burden for
smaller companies and has the same bottom line result as outright theft.
DAMHIKT
--
www.e-woodshop.net
Last update: 7/12/05
"Edwin Pawlowski" <[email protected]> wrote in message
news:RKxBe.2603$bw6.511@trndny03...
>
> "Charlie Self" <[email protected]> wrote in message
>>
>> It is relentless, and, for whatever reason, AOL's spam filters don't
>> catch them.
>>
>> I'm basically just curious as to whether or not ebay itself has any
>> kind of active program against this sort of activity. It sure isn't
>> effective, if they do.
>
> Phishing is what it is called.
>
> Not just those two, but Citi Bank, People's Bank, and a few others. Most
> are caught in the SBC/Yahoo filters, but some get through. They do look
> legitimate
>
> I like the line "do not try to access your account for 48 hours until our
> update is complete"
>
NEVER, NEVER, NEVER...click on a link within an email thinking you're going
to a legitimate log in screen. Always, close the email and log in on the
secure webpage as you normally do. I've had legitimate brokers and banks
actually try to get me to do this and I give their security department a
stern lecture each time. OBTW, NEVER click on a link to a login screen
within an email.
Gary
In article <[email protected]>, "Charlie Self" <[email protected]> wrote:
>I'm basically just curious as to whether or not ebay itself has any
>kind of active program against this sort of activity. It sure isn't
>effective, if they do.
Well, let's see... the spams are being sent by people with no connection to
eBay, from servers that don't belong to eBay... what on earth do you suppose
eBay could be doing to stop it?
--
Regards,
Doug Miller (alphageek at milmac dot com)
It's time to throw all their damned tea in the harbor again.
On Thu, 14 Jul 2005 12:42:30 -0500, Duane Bozarth
<[email protected]> wrote:
>Allan Matthews wrote:
>>
>...
>
>> They shut down several of these each day.
>
>Confirming data???
Only what they send me when I forward one of these to them and notice
a few hours later that the website the scammer tries to send me to is
no longer there.
Allan
I don't spend any time reading spam. But in the little time it takes me to
delete the crap, I can often spot grammar errors in just the first sentence
or two. English is obviously not their first language.
Isn't there a style or grammar guide for internet crooks?
How is that for an internet service? Editing services for spams, phishes
and various sundry con games?
On 14 Jul 2005 09:00:15 -0700, "Charlie Self" <[email protected]>
wrote:
>I don't do much with ebay, buying or selling, and I don't have any kind
>of monetary account with them.
>
>Every week, I'd guess I average 60 scams about my PayPal or Ebay
>accounts being screwed up. I don't have accounts with either, of
>course.
>
>It is relentless, and, for whatever reason, AOL's spam filters don't
>catch them.
>
>I'm basically just curious as to whether or not ebay itself has any
>kind of active program against this sort of activity. It sure isn't
>effective, if they do.
Forward all these to <[email protected]>
They shut down several of these each day.
"Robert Bonomi" wrote in message ...
> Swingman wrote:
> >"Robert Bonomi" wrote in message
> >
> >> "Fraud", 'bunco', etc. almost invariably require that the victim have
> >> had something "taken" from them -- something that they thereby
_no_longer_
> >> _have_the_use_of_. "
> >
> >Howdy Robert,
> >
> >What about "theft of services" ... as in unauthorized use of bandwidth
and
> >cpu cycles needed to process the spam that are subsequently no longer
> >available to your customers?
>
> Wishful thinking, I'm afraid.
>
> In general, law holds out that if you make a service/facility available to
> the 'world at large', you have to give 'actual notice' to the specific
party
> that you wish to prohibit from using tat service/facility. "Notice by
> publication" is _not_ sufficient -- you have to be able to show that they
> actually *read* that notice, and ignored it.
>
> Similar issue/problem with a civil suit for the common-law tort of
'trespass
> to chattel' -- which *has* been used successfully against spammers.
>
> >Having to increase and pay for additional, and expensive, bandwidth due
to
> >the increased volume of spam is most definitely a financial burden for
> >smaller companies and has the same bottom line result as outright theft.
> >DAMHIKT
>
> Yes, the _effect_ is virtually indistinguishable. Unfortunately the law
> does not regard the 'cause' as equivalent.
Thanks for the reasoned response ... I'll keep that rope handy just in case.
--
www.e-woodshop.net
Last update: 7/12/05
"Robert Bonomi" <[email protected]> wrote in message
news:[email protected]...
> In article <[email protected]>,
> Lee Michaels <[email protected]> wrote:
>>I don't spend any time reading spam. But in the little time it takes me to
>>delete the crap, I can often spot grammar errors in just the first
>>sentence
>>or two. English is obviously not their first language.
>>
>
> Actually, many of the grammar/spelling errors are _deliberate_. So that
> the 'erroneous' construct will not match the patterns used by tools that
> block traffic based on the 'correct' words/phrases.
>
While we are on this topic, any recommendations for a spam filter? I have
been using spam sleuth up till last week when it mysteriously stopped
working. I have been unable to raise any kind of help from the company
either.
Charlie Self wrote:
> I don't do much with ebay, buying or selling, and I don't have any kind
> of monetary account with them.
>
> Every week, I'd guess I average 60 scams about my PayPal or Ebay
> accounts being screwed up. I don't have accounts with either, of
> course.
>
> It is relentless, and, for whatever reason, AOL's spam filters don't
> catch them.
>
> I'm basically just curious as to whether or not ebay itself has any
> kind of active program against this sort of activity. It sure isn't
> effective, if they do.
>
[email protected]
Don't expect results--they're swamped with these things.
Bob
On 7/14/2005 1:39 PM Dave Hinz mumbled something about the following:
> On Thu, 14 Jul 2005 11:24:22 -0500, Swingman <[email protected]> wrote:
>
>>"Charlie Self" wrote in message
>>
>>
>>>I'm basically just curious as to whether or not ebay itself has any
>>>kind of active program against this sort of activity. It sure isn't
>>>effective, if they do.
>>
>>Since it's third parties who are doing the spamming/phishing, eBay has no
>>control whatsoever over it.
>
>
> Right. They can do what's called "whack-a-mole" and react to each one,
> or they can try to educate their customers that they'll never send mail
> to verify accounts.
>
>
>>Just imagine, if you will, what it's like if you run a mail server or two
>>... all this crap goes to _every_ e-mail address on the servers. It's past
>>the point where a small company can afford the bandwidth/cpu cycles to keep
>>up with it.
>
>
> Well, they can always hire a consultant to set up spamassassin and or
> RBL checking for them...
Even with RBLs and spamassassin, a lot of these get through just fine.
Too many kiddies put up linux boxes with wide open SMTP relays and
spammers find these as fast as they show up. I use 8 different RBLs,
including maintaining one of my own, and I still get an avg of 5-10 spam
emails a day coming through my mail server.
>
>
>>Another interesting thing is to take a look at just one day of a server's
>>logs ... there's a war going on that you never hear about, mostly emanating
>>from the Pacific Rim/China and the old Eastern Bloc countries.
>
>
> I block entire continents these days, for that reason.
Blocking entire continents only prevents them from sending directly to
you. They still get through those open SMTP relays that show up daily.
>
>
>>I'd gladly supply the rope to hang a few of these idiots in the public
>>square if you can catch'em.
>
>
> I'll supply the marksmanship and ammunition. Standing/unlimited offer.
>
--
Odinn
RCOS #7
SENS(less)
SLUG
"The more I study religions the more I am convinced that man never
worshipped anything but himself." -- Sir Richard Francis Burton
Reeky's unofficial homepage ... http://www.reeky.org
'03 FLHTI ........... http://www.sloanclan.org/gallery/ElectraGlide
'97 VN1500D ......... http://www.sloanclan.org/gallery/VulcanClassic
Atlanta Biker Net ... http://www.atlantabiker.net
Vulcan Riders Assoc . http://www.vulcanriders.org
rot13 [email protected] to reply
"Matisse" <[email protected]> wrote in message
> > received. The basics are that they send you a cashier's check or money
> > order that you bank will accept but will later reject once they find
> > it's fake. By that time you have already shipped the product.
And where was the ship-to address? Unless it was some bogus address, it
shouldn't be all the difficult for authorities to track to who was using it
even if it was a rented postal mail box. Must have been something more
elaborate than that to evade detection.