Communtiy guide: Email scams are evolving and how to stay safe

[skool h8r]

Hi all,
It looks like it's finally happening, the days of lame looking spoof emails are disappearing and being replaced with more convincing siblings. Yes, today, i received one, "from ebay" with "a member" asking me a question. If i may, i present to you, subject A:

http://www.aoaforums.com/forum/attac...1&d=1161274008

Looks ever so convincing, at least to the unsuspecting. Now, at the moment i read this, i was thinking of responding to the question, despite not having anything for sale like this, because i thought someone had got into my account. So, i clicked the link. Hmmm, what page was it that appeared. Oh that's right, the "ebay" login page. Hmmm, so i entered part of my username and froze. Lucky i stopped because if i hadn't, i wouldn't have noticed the address bar. Yep, not ebay's server. In fact, when i browsed to the domain, it was actually some far eastern language and looked to be some sort of service provider (i.e. email servers, web servers, etc).

Now, would you have been fooled? Here's how you detect fake from real (as far as you can without going the long way round). It's a simple, two step double check. Firstly, ebay include your member name in ALL their emails. If you can't find it, then it's a fake. 100%, no doubt, fake.
Secondly, you can do the following:

http://www.aoaforums.com/forum/attac...1&d=1161273986

That's it! If the link tooltip that appears (the little yellow box with text in it) doesn't have ebay.com/ (not just ebay.com), then it is probably gonne be a fake.

It's simple enough to avoid it, just go to ebay.com in your web browser and go from there.

Note: For obvious reasons, i decided to protect the members name as it could be a real member and they don't deserver grief for something they may not have been involved in.

[Favu]

That looks pretty legit, phising and crap like that really sucks.

Also, you suceeded in margin screwing the page

[skool h8r]

Quote:

Originally Posted by Favu

That looks pretty legit, phising and crap like that really sucks.

Also, you suceeded in margin screwing the page

It's why i made this guide. There are people out there that don't know much better and will hand over their details. It's designed to save a few minutes fo everyone.

As for margins, i know, and didn't mean to. It doesn't even fit completely on my screen and i'm at 1280x1024. But it's to make it as clear as possible. Think of it as symbolic .

[Aedan]

Basic rule is to go and manually type in the address for whatever site it might be. This doesn't just affect Ebay, but all sorts of stuff.

There are also some toolbars designed to try and detect phishing attacks and these can help too.

[Gizmo]

Of course the 'anti-phishing' toolbars can bring with them privacy issues of their own, because they have to contact a central server with information about what you are viewing, and the browser is likely going to give away all kinds of personally identifiable information about you.

sigh. It never ends........

[skool h8r]

Quote:

Originally Posted by gizmo

Of course the 'anti-phishing' toolbars can bring with them privacy issues of their own, because they have to contact a central server with information about what you are viewing, and the browser is likely going to give away all kinds of personally identifiable information about you.

sigh. It never ends........

Hmm, you've got me thinking there, we have a helluva lot of knowledgable people here at AOA who excel in a certain area of computing. Perhaps we could build a community web browser and by using all the knowledge everyone here has, we can utilise all sorts of different thing. For example, instructions that utilise the CPU as effectively as possible. Our own custom browser engine (incredibly hard but could turn out incredibly, erm, incredible). Our own guidelines on privacy and best practices. I know that this isn't actually going to happen though because no one will be bothered....

[aghastpumpkin]

You casn't expect them to be. It's a nice idea but browsers take a very long time to develop, and even then, they may not be successful.

[Samuknow]

I have been getting a few of these over the last two months or so. It took me a second to realize I did not bid on anything like what came. I NEVER send info requested by an email. I went right to My Ebay and nothing was there. Imagine that...

[cloasters]

Argh, larcenous pigs!