Topic '[Phish] Ebay phishers are getting smarter' in forum 'Scam and Phishbusters' - dslreports.com

Re: [Phish] Ebay phishers are getting smarter

Tue, 04 Dec 2012 23:03:36 EDT

anon posted : I received a "second chance offer" on a $6,200 UTV from the same email site. I reported it to eBay, but just got standard answer. I think the biggest thing that eBay should be looking at is how did they get my eBay address!!!! I use an alias that is only used on eBay. So somehow they got it from the info that I had bid on this item. That seems like a HUGE deal to me.

Re: [Phish] Ebay phishers are getting smarter

Sat, 01 Dec 2012 13:27:10 EDT

Snowy posted :

said by Worried :

So are most phishing sites not associated with key logger malware?

The short answer is yes, most phishing sites are not associated with malware.
There’s a lot behind that but briefly, the miscreants behind phish sites & malware servers usually engage in one or the other type of activity with little crossover.
Serving phish content & malware simultaneously on the same URL is something seen very rarely & when it is seen is the result of 2 unrelated miscreants hacking the same server around the same time with each doing their own thing independent of each other. I don't believe that happened here.
The activity in this thread indicates this phish was well organized & executed by a professional engaged in phish activity.
Toss in a probable Romanian connection & it becomes more convincing that phish was the order for the day because Romanians involved in cybercrime are overwhelmingly involved with phish content vs malware content although they do exist.

said by Worried :

Am I (hopefully) worrying over nothing?

I wouldn't take it to the point of not worrying about anything but worrying about having a KL or some other driveby installed via this event are slim to nonexistent, IMO

Re: [Phish] Ebay phishers are getting smarter

Sat, 01 Dec 2012 12:33:07 EDT

peterboro posted :

said by irwin6900 :

Like you I am interested to know is how they managed to get my email address as this was sent direct to my email and not via ebay.

Did you reply to any buyer questions during the auction period?

Re: [Phish] Ebay phishers are getting smarter

Sat, 01 Dec 2012 10:19:06 EDT

anon posted :

said by damn:

Got this in spam today. Email was sent to a unique address that I use for ebay only. Wonder how they got it out?

Just came across this forum as I had exactly the same email yesterday on a pretty expensive item I sold. Same ID as well. 'Michael' masquerading as kike4523 and links to vali-leaks.com. Like you I am interested to know is how they managed to get my email address as this was sent direct to my email and not via ebay.

Re: [Phish] Ebay phishers are getting smarter

Sat, 01 Dec 2012 10:11:26 EDT

anon posted : I also had the same thing happen to me today, with the same e-bay member kike4523. It had me going for a while.. thank you for posting yours.

Re: [Phish] Ebay phishers are getting smarter

Sat, 01 Dec 2012 05:37:46 EDT

anon posted : So are most phishing sites not associated with key logger malware?
Am I (hopefully) worrying over nothing?

Re: [Phish] Ebay phishers are getting smarter

Fri, 30 Nov 2012 23:49:31 EDT

Snowy posted :

said by Worried :

I do have up to date Webroot antivirus, but was wondering if I should get my computer checked out?

The only way to be sure is to go through the motions at DSLR's Security Cleanup forum located here.
»Security Cleanup

My opinion is that the site was setup or hacked too act as a typical eBay phish, not a malware server.
Everything points that way.
A newly registered domain name with possibly fraudulent domain registration, eBay phish content, possible Romanian involvement all point towards just another eBay phish rather than malware installations.

It was registered on Nov 20, 2012 with the following whois
"Registrant:
Valentin Mihai Foarcea
Tacoescu #27
Dragasani, N/A 245700
RO
Domain name: VALI-LEAKS.COM
Administrative Contact:
Mihai Foarcea, Valentin vali.foarcea@gmail.com
Tacoescu #27
Dragasani, N/A 245700
RO
+1.4073323605x1
Technical Contact:
Administrator, System hostmaster@lunarpages.com
1360 N. Hancock St.
Anaheim, CA 92807
US
+1.7145218150
Registrar of Record: TUCOWS, INC.
Record last updated on 20-Nov-2012.
Record expires on 20-Nov-2013.
Record created on 20-Nov-2012.
Registrar Domain Name Help Center:
»tucowsdomains.com
Domain servers in listed order:
NS1.VALI-LEAKS.COM 64.50.180.41
NS2.VALI-LEAKS.COM 64.50.180.42"

said by Worried :

What happened to you?

Not really directed at me but I did visit the site while it was still up & didn't notice anything related to malware.

Re: [Phish] Ebay phishers are getting smarter

Fri, 30 Nov 2012 22:26:23 EDT

anon posted : Hi there, I just got this same email myself at 10 this morning about one of my closed auctions, just checked my email and being stupid i suppose actually clicked the "Reply" link button, the web page didn't actually load, (Problem loading page popped up) then I seen the web address and thought something was up so I checked ebay and there was no actual message from anyone in my ebay inbox.
I am however quite worried that by clicking the link I may have gotten myself a virus, (quite paranoid about keylogger virus and the whole online banking / losing my money) did you click the link yourself like I did?
I do have up to date Webroot antivirus, but was wondering if I should get my computer checked out?
What happened to you?

Re: [Phish] Ebay phishers are getting smarter

Fri, 30 Nov 2012 22:25:28 EDT

anon posted : I got the same thing. Did you report this to eBay? If so, I would like to also report it.... let me know how.

Re: [Phish] Ebay phishers are getting smarter

Fri, 30 Nov 2012 16:19:31 EDT

garys_2k posted : Wow, talk about spear fishing, good catch.

Maybe your e-bay only email address is in the "give feedback" part of your original listing.

[Phish] Ebay phishers are getting smarter

Fri, 30 Nov 2012 15:20:01 EDT

damn posted : Got this in spam today. Email was sent to a unique address that I use for ebay only. Wonder how they got it out?

The auction is my real auction that ended last week. I had to double-check everything.

All links in email go to vali-leaks.com/ket/
Email was sent from that server as well.


ebay.txt 15,014 bytes