Scam, Spam and Jam

Scam

A quick tip-off about a scam going round at the moment “on ebay”, which might catch you out.

I say “on ebay”, because actually that’s just the thing. It’s not. It’s actually just an email directed at you, with a question designed to get a “rise” out of you, so that you click the reply link in blind rage without thinking, and before you know it, you’ve given away your password.

How it works:

1) Scammer gets your username and email address from ebay. This is not hard, given that if you’re a business you probably have this info available on your about me page.

2) Scammer sends you an email like the one I received this morning:

I saw that you relist the item 200344258848. What is the bottom price for it?
Richard Nye

where the item number above contained a link to:

“signin.ebay.co.uk.ws.ebayisaapi.dll…”
(good so far right? If you only read this far, or your email client only shows the first few characters, it looks genuine – but the rest..)
“.tanglewoodkennels.com”

.wtf?

So yeah, there is a vague chance that you might click on this page thinking it’s real.

3) The page you’re directed to looks and feels like an ebay login page. You duly enter your username and password. Scammer then laughs all the way to the bank, as he’s just got your username and password for free.

I’ve seen a couple of these that contain ridiculous complaints, like “The item you have sent me <link to fake ebay page> has broken and I am going to leave you negative feedback”. Obviously this is a dangerous situation: as a seller you might rush to investigate rather than sit back and think rationally.

The solution is simple:

Never reply to messages or respond to emails by clicking a link. Always go to your ebay “my messages” by typing in www.ebay.co.uk or .com yourself.

If someone emails you from an address other than ebay, don’t click any links. You can type item IDs manually into ebay search too.

A little extra effort goes a long way.
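The link in step 2 fools the eye because people read a hostname from the left, while the site you actually reach is decided by what the name ends in. The Python sketch below is an added example, not part of the original post. It classifies a link by the right-hand end of its host. The `example.com` hosts, the sample URLs and the two-entry trusted list are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: only these domains (and their subdomains) count as eBay.
TRUSTED_DOMAINS = ("ebay.co.uk", "ebay.com")


def link_host(url):
    """Host the browser would actually contact, lower-cased, or None."""
    host = urlsplit(url).hostname  # drops scheme, port, path and query
    return host.rstrip(".") if host else None


def is_trusted(host):
    """True only if the host IS a trusted domain or ends in '.<domain>'."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify(url):
    """Return 'trusted', 'lookalike' or 'other' for a link target."""
    host = link_host(url)
    if host is None:
        return "other"
    if is_trusted(host):
        return "trusted"
    labels = host.split(".")
    for domain in TRUSTED_DOMAINS:
        want = domain.split(".")
        # Look for the trusted name anywhere except the right-hand end.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return "lookalike"
    return "other"


# Constructed sample links; example.com stands in for the hijacked site.
SAMPLES = [
    "https://signin.ebay.co.uk/ws/eBayISAPI.dll?SignIn",
    "http://signin.ebay.co.uk.ws.ebayisaapi.dll.example.com/",
    "http://www.ebay.com.example.com/",
    "https://notebay.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):9}  {link_host(url)}")
```

The `notebay.com` case shows why the comparison includes the leading dot: a plain "ends with ebay.com" test would wrongly accept it.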

Spam

I realise that posting this won’t make a blind bit of difference, but I’d like to mention that I have a wordpress plugin that completely filters all spam comments. It really does.

I recommend it to anyone with wordpress. It’s called “akismet”.

So, crazy spammers – you can post comments like this:

I enjoyed the article and thanks in esteem of posting such valuable appellation after all of us to skim, I skiff it both of avail oneself of and instructional and I ungracious sketch to address it as usually as I can

..as much as you like. It’s not going to get through, and your spammy links aren’t going to end up on the web through me. Even in the highly unlikely event that akismet misses your post, I still moderate all posts. It seems such a shame that you clearly waste your time with such….eloquent…erm….well yes.

Jam

Well, it rhymes with the aforementioned. Nothing else to say about that.

4 Responses to “Scam, Spam and Jam”

  • MonkZy says:

    I also had this exact email this morning. It instantly smelled of a scam. I checked the site ‘www.tanglewoodkennels.com’ and it seems a legitimate site selling dog supplies/services. Are the scammers hijacking the URL and redirecting to a different webserver elsewhere? Are the Tanglewood folks even aware?

  • admin says:

    I did think about telling them, but assumed they’d just think I was a total loon. Also the email address was a legit site too, so it looks like a hijacking double whammy, as you say. They’ve probably planted some code on a subdomain on the kennel website, the owners probably don’t even know it’s there.
    Do you think we should do the honorable thing? :/

  • MonkZy says:

    It may be good if we did..That is after I procrastinate for a short while reading your blog :) I am glad I stumbled in here chasing info on a phishing scam. Bookmarked it.

    I will drop them an email with a link to this blog..you have explained the situation well.

  • admin says:

    super.
    Let them know that I will of course mask their web address on this blog if they wish, which I imagine they will.
