Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicVery Good Trade Me Phishing Email...


35 posts

Geek
+1 received by user: 5


# 138841 18-Jan-2014 19:47
Send private message

I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid
$120.00
Card number
**** **** **** ****
Delivery address
New Zealand
03 90815800
Shipping
$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.

Create new topic
BDFL - Memuneh
63638 posts

Uber Geek
+1 received by user: 14095

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 969453 18-Jan-2014 19:50
Send private message

Yes, you're right there, classical phishing expedition...




Sharesies | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management | Sharesies investment fund

14906 posts

Uber Geek
+1 received by user: 2028


  # 969454 18-Jan-2014 19:54
Send private message

I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

 
 
 
 




35 posts

Geek
+1 received by user: 5


  # 969455 18-Jan-2014 19:59
Send private message

mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

14906 posts

Uber Geek
+1 received by user: 2028


  # 969456 18-Jan-2014 20:07
Send private message

TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

BDFL - Memuneh
63638 posts

Uber Geek
+1 received by user: 14095

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 969470 18-Jan-2014 20:25
Send private message

mattwnz: I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


They could have gotten the email address from one of the people who won your auctions and corresponded on that address. But unless they sent emails to everyone on the person's address book the how would they know it was a Trade Me valid address?

Interesting...




Sharesies | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management | Sharesies investment fund

844 posts

Ultimate Geek
+1 received by user: 200


  # 969472 18-Jan-2014 20:30
Send private message

mattwnz:
TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


Don't all of these xtra/yahoo email blunders allow hackers to look at email inboxes? Perhaps they can just search for any email that mentions trademe and then launch the spam at all email address in those emails.

That way, even if you do not use that compromised email system, if you have had any trademe dealings with somebody whose email account has been compromised then your trame-email address is now known to the hackers.

Fork 'Andles
3514 posts

Uber Geek
+1 received by user: 1178

Subscriber

  # 969526 19-Jan-2014 06:03
Send private message

I received an identical email mid last week but it was sent to my email address at work, which I have never used for Trademe - I always use my home address. However it was very convincing and had me worried for a while until I realised the address thing. I looked up the quoted ref/auction number on the real Trademe site and found it was was an actual auction but it was completed a year or so ago, was totally nothing to do with me and was for car parts or something.

 
 
 
 


gzt

10761 posts

Uber Geek
+1 received by user: 1786


  # 969565 19-Jan-2014 10:06
Send private message

Scambusters is a good read for anyone who might be taken in by that http://scambusters.co.nz/scams.html

12902 posts

Uber Geek
+1 received by user: 4313

Trusted
Lifetime subscriber

  # 969639 19-Jan-2014 13:54
One person supports this post
Send private message

TheHoss: I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid
$120.00
Card number
**** **** **** ****
Delivery address
New Zealand
03 90815800
Shipping
$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.


I think I would be more inclined to await the arrival of my free Xbox....!





Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20

New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09

ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05

New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35

Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39

TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18

E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34

Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51

Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47

100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35

5G uptake even faster than expected
Posted 12-Jun-2019 10:01

Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24

Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24

Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10

Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.