Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




32 posts

Geek
+1 received by user: 5


Topic # 138841 18-Jan-2014 19:47 Send private message

I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid

$120.00
Card number

**** **** **** ****
Delivery address

New Zealand
03 90815800
Shipping

$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.

Create new topic
BDFL - Memuneh
57609 posts

Uber Geek
+1 received by user: 9245

Administrator
Trusted
Geekzone
Subscriber

  Reply # 969453 18-Jan-2014 19:50 Send private message

Yes, you're right there, classical phishing expedition...




12257 posts

Uber Geek
+1 received by user: 1342


  Reply # 969454 18-Jan-2014 19:54 Send private message

I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.



32 posts

Geek
+1 received by user: 5


  Reply # 969455 18-Jan-2014 19:59 Send private message

mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

12257 posts

Uber Geek
+1 received by user: 1342


  Reply # 969456 18-Jan-2014 20:07 Send private message

TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

BDFL - Memuneh
57609 posts

Uber Geek
+1 received by user: 9245

Administrator
Trusted
Geekzone
Subscriber

  Reply # 969470 18-Jan-2014 20:25 Send private message

mattwnz: I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


They could have gotten the email address from one of the people who won your auctions and corresponded on that address. But unless they sent emails to everyone on the person's address book the how would they know it was a Trade Me valid address?

Interesting...





630 posts

Ultimate Geek
+1 received by user: 124


  Reply # 969472 18-Jan-2014 20:30 Send private message

mattwnz:
TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


Don't all of these xtra/yahoo email blunders allow hackers to look at email inboxes? Perhaps they can just search for any email that mentions trademe and then launch the spam at all email address in those emails.

That way, even if you do not use that compromised email system, if you have had any trademe dealings with somebody whose email account has been compromised then your trame-email address is now known to the hackers.



2093 posts

Uber Geek
+1 received by user: 369

Subscriber

  Reply # 969526 19-Jan-2014 06:03 Send private message

I received an identical email mid last week but it was sent to my email address at work, which I have never used for Trademe - I always use my home address. However it was very convincing and had me worried for a while until I realised the address thing. I looked up the quoted ref/auction number on the real Trademe site and found it was was an actual auction but it was completed a year or so ago, was totally nothing to do with me and was for car parts or something.

gzt

8433 posts

Uber Geek
+1 received by user: 1031


  Reply # 969565 19-Jan-2014 10:06 Send private message

Scambusters is a good read for anyone who might be taken in by that http://scambusters.co.nz/scams.html

8477 posts

Uber Geek
+1 received by user: 2387

Trusted
Subscriber

  Reply # 969639 19-Jan-2014 13:54 One person supports this post Send private message

TheHoss: I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid

$120.00
Card number

**** **** **** ****
Delivery address

New Zealand
03 90815800
Shipping

$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.


I think I would be more inclined to await the arrival of my free Xbox....!





Create new topic








Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:






Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.