[meteorite-list] Paypal Hackers WARNING!!!

From: Sterling K. Webb <sterling_k_webb_at_meteoritecentral.com>
Date: Sun Oct 8 17:31:55 2006
Message-ID: <005f01c6eb21$2ada3730$1021e146_at_ATARIENGINE>

Hi,

    As much as it pains me to defend the eBay eMpire,
they do DO something about crooks who think eBay is
deaf, dumb, and blind.
    Some months ago, I bought a used DVD from an
eBay seller with thousands of feedbacks, 99+% positive,
paid with PayPal. Got the usual post-sale messages,
including a note from the seller that he would ship
within two days. About three days later, I got an
unsolicited email from PayPal telling me I should
immediately go to their site and make a claim against
the seller for the return of my money. No reason
given. A check of eBay showed that seller had utterly
vanished; no record of them. I filed the claim, and
in two weeks, the money was back in my PayPal
account.
    I have no idea what happened or why. I just know
that eBay/PayPal came out of the blue and remedied
a problem I didn't even know existed. I hadn't even
expected the DVD to arrive yet. My guess is that he
was selling stolen merchandise.

Second example:
    One evening, very late at night, I was sifting
through eBay Search and came across an expensive
electronic item at a very, very low price that intrigued
me enough to click on it. It was a just-started (15
minutes previously) one-day auction. Since the obvious
sales strategy for such an item would be a longer
auction, I clicked on View Seller's Other Items and
found 110 one-day auctions for items with retail costs
from $4000 and up, all to be shipped by Free FedEx
2-Day Air from a named East Coast US city and
all starting at $79. Most of them would have cost
more than that to ship.
    I looked at the seller's feedback history. Years
long, 100% positive. The problem was that all he'd
ever sold was used children's clothing and he was
located in the Isle of Lewis, in the Hebrides, off the
west coast of Scotland. There was, to put it mildly,
a mis-match there.
    I deduced a hijacked identity by somebody who
was fencing a truckload of high-end electronics, possibly
also hijacked. Several items were photographed sitting
on the tailgate of a big truck. I emailed the seller (to the
off-eBay email address he gave in the auctions) with
a naive querry about one of the auctions: is this item
new? used? refurbished? In five minutes, I got a reply
from the seller offering a Buy It Now price of $1000,
to be paid as soon as possible by Western Union
money order.
    I was already typing up all these findings as I
made them, as a text file, so I immediately sent it
to whatever generic address on eBay that says to
report possible fraud. I doubted that they'd get to it
that night; maybe in the morning...
    About 10 minutes later I went back to look at that
auction again. It was closed. All those auctions were
closed, and the rest of the page was filled with various
warnings saying NOT to communicate with a seller
outside of the eBay system, NOT to use Western
Union or other instant pay systems to pay for items,
especially when solicited to do so by the seller.
    In all, these 110 auctions lasted for less than
an hour on eBay. Was I the first to notice them?
Or the 100th? Had eBay already found them? For
whatever reason, eBay's performance was excellent.
Their response time was measured in minutes, not
hours, not days.

    HOWEVER, they do not talk about what they
do! Or how they do it, or even admit that they do
anything beyond a bland statement that they make
all possible effort. The often-expressed sentiment
that they don't care and don't do anything is just
not correct. They just don't brag about it.

    Sorry for the long stories, but it doesn't mean
much without all those details!


Sterling K. Webb
-----------------------------------------
----- Original Message -----
From: "Mark" <mafer_at_imagineopals.com>
To: <cynapse_at_charter.net>
Cc: "meteoritelist" <Meteorite-list_at_meteoritecentral.com>
Sent: Sunday, October 08, 2006 2:14 PM
Subject: Re: [meteorite-list] Paypal Hackers WARNING!!!


> Hi Darren and List
>
> If you'll read ebay's page on spoof mail you'll note that ebay and paypal
> will never put a link for you to use within the msg where you have to log
> in.
> They will tell you to go to the site and sign in instead. This is what
> makes it different and easy to spot.
>
> Delete or report, either way, you don't fall for them.
> I do agree that ebay isn't doing anything that will cost them money or
> lawyer time. Best you can hope for is that they turn over the links to an
> agency which is already paid to chase criminals, which I doubt they do
> either.
>
> Mark Ferguson
>
> ----- Original Message -----
> From: "Darren Garrison" <cynapse_at_charter.net>
> To: "Dave Freeman mjwy" <dfreeman_at_fascination.com>
> Cc: <Meteorite-list_at_meteoritecentral.com>
> Sent: Sunday, October 08, 2006 2:52 PM
> Subject: Re: [meteorite-list] Paypal Hackers WARNING!!!
>
>
> On Sun, 08 Oct 2006 11:41:57 -0600, you wrote:
>
>>Dear List;
>>I have been studying issues first hand on hacking via the Internet
>>Explorer versus other browsers...Firefox is much more secure and less
>>hackable. Every common crook has figured out how to hack into IE thus
>>making it much easier for them to open the door to your accounts. I
>>rarely use IE, use Navigator for my emails and weather/news, and use
>>Firefox for my eBay and paypal accounts.
>
> No web browser is safe from scams that rely on user error. These type
> e-mails
> give you a link to a look-alike site and get you to enter your username
> and
> password yourself. The solution to this problem (which all e-mail safety
> tips
> have been screaming at everyone for years) is NEVER click on a link sent
> to you
> from anyone claiming to be an on-line service. NEVER. If you have a
> legitimate
> issue from whatever the service is, you will be able to resolve it by
> going to
> the home page of the web site and then logging on to your account from
> there.
> Again, NEVER follow links sent in unexpected e-mails no matter how good it
> looks.
>
> Also, another good idea is to not have any type of HTML or any other type
> of
> executible elements active in your e-mail client. I use plain text e-mail
> and
> refuse to switch to anything else. Which means that I am at exactly zero
> risk
> from any type of virus, worm, HTML trick, Active-X doohickey, or anything
> else
> sent by e-mail that is the source of most virus problems (I say "most"
> without
> checking the actual statistics on this, so "most" may mean "not most").
> When I
> get an e-mail (from a company or an individual) that is encoded in HTML I
> delete
> it unread.
> ______________________________________________
> Meteorite-list mailing list
> Meteorite-list_at_meteoritecentral.com
> http://six.pairlist.net/mailman/listinfo/meteorite-list
> ______________________________________________
> Meteorite-list mailing list
> Meteorite-list_at_meteoritecentral.com
> http://six.pairlist.net/mailman/listinfo/meteorite-list
>
Received on Sun 08 Oct 2006 05:31:50 PM PDT