Very Good Trade Me Phishing Email...

Forums › Off topic › Very Good Trade Me Phishing Email...

TheHoss

36 posts

Geek

#138841 18-Jan-2014 19:47

I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid
$120.00
Card number
**** **** **** ****
Delivery address
New Zealand
03 90815800
Shipping
$24.00 Courier for Rural Area
Seller's email

If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading!

The Trade Me Team
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#969453 18-Jan-2014 19:50

Yes, you're right there, classical phishing expedition...

mattwnz

20141 posts

Uber Geek

#969454 18-Jan-2014 19:54

I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

TheHoss

36 posts

Geek

#969455 18-Jan-2014 19:59

mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

mattwnz

20141 posts

Uber Geek

#969456 18-Jan-2014 20:07

TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#969470 18-Jan-2014 20:25

mattwnz: I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

They could have gotten the email address from one of the people who won your auctions and corresponded on that address. But unless they sent emails to everyone on the person's address book the how would they know it was a Trade Me valid address?

Interesting...

jpoc

1043 posts

Uber Geek

#969472 18-Jan-2014 20:30

mattwnz:
TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

Don't all of these xtra/yahoo email blunders allow hackers to look at email inboxes? Perhaps they can just search for any email that mentions trademe and then launch the spam at all email address in those emails.

That way, even if you do not use that compromised email system, if you have had any trademe dealings with somebody whose email account has been compromised then your trame-email address is now known to the hackers.

eracode

Smpl Mnmlst
8846 posts

Uber Geek

ID Verified

Trusted

Subscriber

#969526 19-Jan-2014 06:03

I received an identical email mid last week but it was sent to my email address at work, which I have never used for Trademe - I always use my home address. However it was very convincing and had me worried for a while until I realised the address thing. I looked up the quoted ref/auction number on the real Trademe site and found it was was an actual auction but it was completed a year or so ago, was totally nothing to do with me and was for car parts or something.

Sometimes I just sit and think. Other times I just sit.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

gzt

17104 posts

Uber Geek

Lifetime subscriber

#969565 19-Jan-2014 10:06

Scambusters is a good read for anyone who might be taken in by that http://scambusters.co.nz/scams.html

Geektastic

17942 posts

Uber Geek

Trusted

Lifetime subscriber

#969639 19-Jan-2014 13:54

TheHoss: I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid
$120.00
Card number
**** **** **** ****
Delivery address
New Zealand
03 90815800
Shipping
$24.00 Courier for Rural Area
Seller's email

If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading!

The Trade Me Team
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.

I think I would be more inclined to await the arrival of my free Xbox....!