warning about ebay scam

[narayan]

Not sure how new this is but theres a scam going around on ebay at the moment.

A friend of mine was trying to sell a PSP on ebay and someone from nigeria bought it saying she'd pay for shipping to nigeria. So anyway my friend went to DHL to get a price and the people there said that they'd been told by a detective to warn people who are trying to sell stuff on ebay to people in nigeria. Apparently once they get your bank account details and your name/address they'll get access to your bank account attempt to empty your accounts.

[Torsten]

nigerians must be pretty smart cos they keep coming up with new scams and naive westerners keep falling for them. I guess it's one way for wealth redistribution

Anyway, these scams are all about getting enough personal details to get access to your bank account. I regularly get various claim forms etc where all I need to do is enter 5 bits of data and they will transfer lots of dollars to my account .

Anyone who hasn't realised yet that financial institutions, paypal, ebay etc NEVER ask for any personal details, kinda needs to be taught a bit of a lesson.

[Amulte]

Its not e-bay they are worried about, its the nigerian 419 scammers.

Edited October 24, 2006 by Amulte

[faustus]

but surely you'd need more information than bank account, name and address?

this very info can be gotten from just one bank statement in the mail. do they need a signature too?

[Big George]

You'd be surprised what anyone can find out about you.

Start off by searching the australian grey pages phone directory online.

I can plonk in your address, even just your street name and find out exactly who lives there, their phone number, etc.

A few phone calls later to your neighbours can net a LOT of information if you are a good liar. "Hi this is detective Bensen and Detective Stabler from the FBI, I understand your neighbour, Mr...X at house # 15 may be involved with xyz crime, can I have a minute of your time to ask some questions?"

From the info gleaned from your neighbours, anybody can find out all kinds of things.

Once they have your address, they can then do a few searches thru public records like land owners, etc...

And so on. All over the phone.

If the scammer was actually THERE, things can happen..

You see, once I have your name, usernames online, date of birth, wife's name, dogs name, kids, dates of birth. I'd pretty much bet that I have at least one of your passwords, using a password jumbler / cracker I can roll thru several thousand combinations every few seconds on ANY SITE YOU LOG IN TO.

If I simply just had your IP address, it would be possible to plant a keylogger or a screen watcher in your computer and i'd have your bank details, paypal, etc... in absolutely no time...

If your real curious, learn about the other side of spyware that most computer users don't see. You will be amazed how simple, yet powerful it is. Just by landing on a website, it's possible to plant a cookie in your computer that installs a keylogger and transmits the info to your hacker.

It scares me that I know how to do all this stuff, to the point where I will not do it just on principle. However, these tools in the wrong hands can really mess up someone's life!

Edited October 24, 2006 by Big George

[PD.]

Last night i was chatting with my cousin on msn and he asked if i knew a guy called "Wax". Apparently he added my cuz a week or so back and last nite was the first time he made contact. Wax wanted to know if my cuz could help him to get a laptop for his research. My cuz wasnt in the mood for bullshit so i asked if i couls have the cocntact and play him along.

I told wax i was a wealthy man from greenbay, wisconsin and due to my finacial situation i am more than happy to help those that struggle to finish rersearch due to lack of funding. I asked him, what organisation he was with and he replied, the world health organisation and he was based in africans (as he put it).

I then told him i would require an outline of his research and some other basic information of his studies. He told me that he was studying plants to look for a cure for AIDS cancer and something else i cant remember, when i asked what herbs would be used and what the botanical names were he told me that the information was private! After i bugged him for a bit and told him i wouldnt just GIVE him a laptop without knowing anything about the research he told me the plants.................Galic and waterleaf. I assumed he meant garlic.

He said he already had outstanding results with some patients that have 80% less AIDS than when they started the treatment. LOL

I told him i would like to deliver the laptop in person and asked for an address. It took a bit but he gave it up with one condition, that i send the laptop registered mail first. I told him that i would think about it but i would PREFER to hand it ovewr in person and look around the research facilities. I told him i had booked a flight for next thursday, so he is going to pck me up from the airport and arrange accomadation as long as i send the laptop first. Nigereia here i come.

I said i would have to think about it and i would chat to him tomorow.

How in fu**s name do ppl get sucked into these things so bad that they send cash, goods or bank details? FFS the dude has only JUST got a handle on the english language, but i guess he is doing such noble work into the cure for AIDS. hahahahaha

[apothecary]

You see, once I have your name, usernames online, date of birth, wife's name, dogs name, kids, dates of birth. I'd pretty much bet that I have at least one of your passwords, using a password jumbler / cracker I can roll thru several thousand combinations every few seconds on ANY SITE YOU LOG IN TO.

Where did you come up with this gunk...if you had a password already when why would you be brute forcing for others?

How exactly do you know which sites I'm visiting again?

l

If I simply just had your IP address, it would be possible to plant a keylogger or a screen watcher in your computer and i'd have your bank details, paypal, etc... in absolutely no time...

If you had my IP address you could do nothing of the sort. I would love to see you try. Possibly if you had my IP address you could scan my hostname for open vulnerable services (under the assumption I am not using a stock standard DSL router or whatever that blocks ports). Then maybe if one of those services was actually exploitable and you were proficient enough to do something, then MAYBE if I wasn't running some sort of third party security service you could make an attempt to break in and install a keylogger or VNC client or something. At this point why wouldn't you just install a trojan that does all of it?

If your real curious, learn about the other side of spyware that most computer users don't see. You will be amazed how simple, yet powerful it is. Just by landing on a website, it's possible to plant a cookie in your computer that installs a keylogger and transmits the info to your hacker.

It scares me that I know how to do all this stuff, to the point where I will not do it just on principle. However, these tools in the wrong hands can really mess up someone's life!

And lastly, please give an example of this magical cookie that can install binary files on my computer and then actually execute them?

Spyware/malware is installed on the victims PC through browser exploits. While this is perfect for building up mass botnets and spam networks, I fail to see how you could use this to infect a singe targeted host without physically requesting the user to go to that website. Even at that point you'd have to be operating under the asssumption that I am running a browser vulnerable to the exploit (NOT COOKIE) you wrote, and not running any third party security software that may catch it for your attempt to POSSIBLY be successful.

Please stop spreading misinformation.

[Big George]

OK, whatever you say dude.

I know what I can do, I have nothing to prove.

if you choose to think your safe then no problem.

[apothecary]

Yeah I'd love to see your brute force attempts since most websites since 1999 have a max number of tries before locking the IP down for at least fifteen minutes.

Did you really think I was gonna let you spread misinformation on these forums without calling you on it?

Hell, if I'm wrong I'll eat my hat. My IP address is 211.30.122.98. I await your magical cookie backdoor.

Edited October 25, 2006 by apothecary

[Chemakazi]

Just by landing on a website, it's possible to plant a cookie in your computer that installs a keylogger and transmits the info to your hacker.

It scares me that I know how to do all this stuff, to the point where I will not do it just on principle. However, these tools in the wrong hands can really mess up someone's life!

what scares me more is u actually think this crap is true

since when does a txt file (cookie) have executable permisions to run a binary...

*typos

Edited October 25, 2006 by Chemakazi

[DocAzz]

I must say I do know of a similar directory of 'information'. A number of private companies have this information. I have a friend that works for one of them.... the amount of information a private company has on any one of us is SCARY.

I mentioned one night at a party that I was trying to track down an old friend, who ripped off a number of people to a total of over $10,000 (myself included). She overheard the conversation and said to email her his full name, and any other information I might have. DOB, suburb, phone (home, work or mobile, but not prepaid), even parents names! anything!

I did so. I had his DOB only. She sent back a form with a few matches that I looked at, I knew one of them was him, and I told her the one I wanted cos I heard he lived near Hornsby. She then sent me that match, which had his address, phone numbers, employer and landlord.

I called the employer at 7am one morning, and asked if he was in. "No he doesn't start till 8:30, would you like me to take a message?" I replied "oh no, he finishes at 5pm yeh?" "yes sir" "well, I'll just catch him after work then. Thanks!"

So I now have all his details, and daily whereabouts.

I passed all this information on to people who had been ripped off. I'm waiting for some of them to collect before I do, as I didn't lose much, and have already replaced the equipment (two guitar amps) that he had pawned.

[apothecary]

Nobody denying the existance of information directories like the one Big George described.

[Amulte]

just to clear up somthing, i wasnt implying thatthe person on eBay was in anyway involved in 419. was just pointing out thats why that western union, DHL and such places have these precation in place to things, especially money, going in or out of nigeria. i doubt that 419 scammers could use ebay to their advantage too well.

Edited October 25, 2006 by Amulte

[simon_marklar]

its actually an escrow service scam. they say that they want to use an escrow to send the money to you. so you get a note from a fake escrow service saying they have your money and when the scammer gets your item you will get the money. so you send the item, only to find out the escrow service was a fake and probably the same guy who you sent the item too. he has the goods, you have nothing.

[Jesus On Peyote]

havent u heard of trojans? and active X exploits and all the rest,weather george can do it himself is his own knowledge,and for u apoth to straight out attack him for sharing some of his knowlage is retarded on ur part. but hacks n viruses are everywhere,tho not all are stealing personal info and the like. And yes, cookies can be modified to send out all sorts of info.. get your own facts straight Chemakazi.

[Chemical Shaman]

havent u heard of trojans? and active X exploits and all the rest,weather george can do it himself is his own knowledge,and for u apoth to straight out attack him for sharing some of his knowlage is retarded on ur part. but hacks n viruses are everywhere,tho not all are stealing personal info and the like. And yes, cookies can be modified to send out all sorts of info.. get your own facts straight Chemakazi.

hmmm, im really confused here. What I would call "retarded on your part" would probably actually be replying to a six month old thread without any apparrant purpose or reason, with nothing of any actual relevance or significance to add to it. It seems like the only intent here is to have a dig at two members...... who realisticly seem to know a whole lot more about the subject matter than you do.

What's your point here JoP?

?????

-Chemical Shaman

[Benzito]

I love CS.

(No offence meant to anyone involved)

[Ace]

Lol - he is certainly not afraid to get straight to the point Most of the time, its in a completely insulting way, but in all seriousness, he has a point here JoP

[Benzito]

CS isn't 'insulting' he is just 'CS'.

He says what needs to be said, and sometimes a fair bit more.

edit: Do miss the old avatar though CS.

Edited April 5, 2007 by Benzito

[Ace]

I love his current one - what was the old one?

[Amulte]

HEHEHE, it was mesmerizing to the point whenone thinks of it they cannot spell big words.

[Torsten]

LOL, I think CS's old avatar would have been right up JoP's alley [given the recent utube vid he posted] .

As fara s insults goes, I am pretty sure he was just quoting JoP's own words.

[Benzito]

That's what I said, he isn't 'insulting' anyone.

He's just showing you your own faults.