Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




32 posts

Geek
+1 received by user: 5


Topic # 138841 18-Jan-2014 19:47 Send private message

I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid

$120.00
Card number

**** **** **** ****
Delivery address

New Zealand
03 90815800
Shipping

$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.

Create new topic
BDFL - Memuneh
57873 posts

Uber Geek
+1 received by user: 9473

Administrator
Trusted
Geekzone
Subscriber

  Reply # 969453 18-Jan-2014 19:50 Send private message

Yes, you're right there, classical phishing expedition...




12463 posts

Uber Geek
+1 received by user: 1381


  Reply # 969454 18-Jan-2014 19:54 Send private message

I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

 

 





32 posts

Geek
+1 received by user: 5


  Reply # 969455 18-Jan-2014 19:59 Send private message

mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

12463 posts

Uber Geek
+1 received by user: 1381


  Reply # 969456 18-Jan-2014 20:07 Send private message

TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

BDFL - Memuneh
57873 posts

Uber Geek
+1 received by user: 9473

Administrator
Trusted
Geekzone
Subscriber

  Reply # 969470 18-Jan-2014 20:25 Send private message

mattwnz: I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


They could have gotten the email address from one of the people who won your auctions and corresponded on that address. But unless they sent emails to everyone on the person's address book the how would they know it was a Trade Me valid address?

Interesting...





646 posts

Ultimate Geek
+1 received by user: 130


  Reply # 969472 18-Jan-2014 20:30 Send private message

mattwnz:
TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


Don't all of these xtra/yahoo email blunders allow hackers to look at email inboxes? Perhaps they can just search for any email that mentions trademe and then launch the spam at all email address in those emails.

That way, even if you do not use that compromised email system, if you have had any trademe dealings with somebody whose email account has been compromised then your trame-email address is now known to the hackers.



2145 posts

Uber Geek
+1 received by user: 420

Subscriber

  Reply # 969526 19-Jan-2014 06:03 Send private message

I received an identical email mid last week but it was sent to my email address at work, which I have never used for Trademe - I always use my home address. However it was very convincing and had me worried for a while until I realised the address thing. I looked up the quoted ref/auction number on the real Trademe site and found it was was an actual auction but it was completed a year or so ago, was totally nothing to do with me and was for car parts or something.

gzt

8549 posts

Uber Geek
+1 received by user: 1063


  Reply # 969565 19-Jan-2014 10:06 Send private message

Scambusters is a good read for anyone who might be taken in by that http://scambusters.co.nz/scams.html

8791 posts

Uber Geek
+1 received by user: 2519

Trusted
Subscriber

  Reply # 969639 19-Jan-2014 13:54 One person supports this post Send private message

TheHoss: I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid

$120.00
Card number

**** **** **** ****
Delivery address

New Zealand
03 90815800
Shipping

$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.


I think I would be more inclined to await the arrival of my free Xbox....!





Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Edifier R1700BT speakers review: Luxury Bluetooth sounds
Posted 28-May-2017 13:06


National AI group launching next month
Posted 25-May-2017 09:54


New Zealand Digital Future, according to tech companies
Posted 25-May-2017 09:51


New Microsoft Surface Pro delivers outstanding battery life, performance
Posted 25-May-2017 09:34


Garmin VIRB 360 brings immersive 360-degree 5.7K camera experience
Posted 25-May-2017 09:30


Telecommunications monitoring report: Are you being served?
Posted 24-May-2017 11:54


NetValue partners with CRM Provider SugarCRM
Posted 23-May-2017 20:04


Terabyte looms as Vocus users download 430GB a month
Posted 19-May-2017 14:51


2degrees tips into profit after seven lean years
Posted 19-May-2017 09:47


2degrees growth story continues
Posted 17-May-2017 15:25


Symantec Blocks 22 Million Attempted WannaCry Ransomware Attacks Globally
Posted 17-May-2017 12:41


HPE Unveils Computer Built for the Era of Big Data
Posted 17-May-2017 12:39


Samsung Galaxy S8 Plus review: Beautiful, feature-packed
Posted 16-May-2017 20:14


After ten years of mail pain Spark is done with Yahoo
Posted 15-May-2017 13:12


Warnings from security firms: do not click that link or risk your computer being infected
Posted 15-May-2017 10:11



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.