Re: [Paddlewise] RE: kayak sellers be warned

From: Rich Kulawiec <rsk_at_rockandwater.net>
Date: Fri, 26 Aug 2005 10:59:28 -0400
[ long and O/T but hopefully a bit of a public service announcement ]

On Fri, Aug 26, 2005 at 07:23:53AM -0500, benzx2_at_verizon.net wrote:
> Another new scam targets buyers. If you lose a bid on Ebay, don't be
> surprised to get a 2'nd chance offer that looks like it came from the
> seller. It will tell you that the winner backed out and you can have
> the item at your last offer. But then it will go on to say please don't
> respond to the email because they are having trouble getting mail there
> so please use their hotmail or yahoo account.

Scams like this are absolutely epidemic.  My spamtraps (including mail
addressess that NEVER existed) are hit with them multiple times per day.

The best defense is of course to be paranoid -- because they ARE out to
get you.


The second defense is NEVER to use an email client ("email client" ==
the program you retrieve/read/compose/send your mail with) that renders
HTML, or, if that can't be avoided, to turn HTML rendering off and leave
it off.

That single step is one of the most important things you can do --
although many people foolishly and naively refuse to do it, apparently
because they do not understand the fundamental difference between
the web (HTTP) and email (SMTP). [1]

Let me give you one example out of thousands why it's critical. 
This is from a phish spam received here overnight:

<a href="http://support-ebay-billing.com">http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn</a>

If you're reading this in an email client that renders HTML you'll see
that as:

	http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn

which is of course the REAL eBay.  But that's not where the link goes.
It REALLY goes to:

	http://support-ebay-billing.com

which is registered to:

	owner:        gary page
	email:        myallwork_at_yahoo.com
	address:      4 jewell ave
	city:         binghamton
	state:        NY 13901 US
	phone:        0016076489301
	admin-c:      myallwork_at_yahoo.com

who has nothing to do with the real eBay, and is a spamming, scamming scumbag.

And this is one of the *obvious* ones.  Far more clever ways of concealing
links and email addresses and so on are in use, and anyone reading their
mail with HTML rendering enabled is setting themselves up to be taken
in by them.   (It's also quite routine for spammers to embed links that
cause the spammer to be notified that you're reading the message -- thus
helping them out by letting them know that your address is live and can
be reached via the mechanism they used to send that particular spam.)

So: turn it off *NOW*.  Otherwise, frankly, you _deserve_ to be spammed,
scammed, phished, and have your identity stolen because you're refusing
to lift a finger to protect yourself -- in fact, you're actively assisting
the very people who are attacking you.  That's just plain stupid.

A good email client, BTW, is Thunderbird: see www.mozilla.org.
A horrible email client, BTW, is Outlook: don't ever use it.  It's so
bad that at some companies/organizations using it is a termination offense.
In my opinion, that's an entirely sensible policy.


The third defense is to be inherently suspicious of anyone using an
address at a freemail provider -- especially Hotmail and Yahoo.  Both
are well-known for having completely incompetent abuse control departments,
and thus both are completely infested with every kind of abuser.  Just my
own little collection here has about 5,000 Hotmail addresses and
10,000 Yahoo addresses -- ALL of which belong to spammers.  And I'm sure
I'm only seeing the tip of the tip of the tip of the iceberg.


The fourth defense is to avoid known abuse magnets if possible...and
eBay and Paypal are very high on that list.  They're abuse magnets for
two reasons: first, they've failed to take anything close to enough action
to make themselves undesirable targets; and second, few others have taken
the action that they could take to help out.

Let me show you what I mean.  John Levine, well-known author of
"The Internet for Dummies", posted this list in an email abuse
discussion newsgroup a couple of days ago:

What do these have in common?  None of them have anything to do with
eBay or Paypal. They're all spammer/phisher domains.  AND they're all
hosted on MSN, the Microsoft Network.

Why aren't eBay and Paypal using their enormous resources (piles of
money, armies of attorneys) to go after them?  Good question.  They're
certainly willing to flex their legal muscles against other targets;
why not these?

John goes on to ask:

	"If you were in the domain hosting business, would you let your
	customers register and use these?  Microsoft did."

Keep this firmly in mind the next time you read a grandiose pronouncement
from M$ about how they're "fighting spam".  They can't even keep their
own filthy spammer-infested network clean; there's no way they're ready
to take on the larger problem Internet-wide.


Finally, an excellent resource; see:

	http://www.schneier.com/blog/archives/2004/12/safe_personal_c.html

for Bruce Schneier's advice on safe personal computing.  Bruce is one of
the most widely-known and respected security professionals on the planet;
I strongly recommend taking his advice.

---Rsk
(day job: senior Internet security architect)


[1] As is often pointed out, only three kinds of people send HTML mail:

	1) newbies, who don't know any better
	2) idiots, who are too stupid to learn
	3) spammers, scammers, and other abusers
Received on Fri Aug 26 2005 - 08:16:24 PDT
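
Added example, not part of the original message: a mail-filter style check for the trick shown above, where the visible text of a link names one host and the href points to another. The names `LinkAuditor`, `host_of`, `mismatched_links` and `SAMPLE` are hypothetical; the first sample anchor is the one quoted in the message and the second is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

URL_LIKE = re.compile(r"^(?:https?://|www\.)", re.I)  # visible text that claims to be a URL

def host_of(url):
    """Lower-cased host of a URL; scheme-less text such as 'www.x.com/p' is accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html_body):
    """Return (shown_host, real_host) for links whose text names a different host."""
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    findings = []
    for href, text in auditor.links:
        if URL_LIKE.match(text) and host_of(text) != host_of(href):
            findings.append((host_of(text), host_of(href)))
    return findings

# The first anchor is the one quoted in the message; the second is a constructed benign link.
SAMPLE = ('<p><a href="http://support-ebay-billing.com">'
          'http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn</a></p>'
          '<p><a href="http://www.paddlewise.net/">http://www.paddlewise.net/</a></p>')

if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE):
        print(f"link text shows {shown} but href goes to {real}")
```

Links whose visible text is not a URL (for example "click here") are not flagged by this check; it covers only the displayed-URL mismatch described in the message.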
