Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




32 posts

Geek
+1 received by user: 5


Topic # 138841 18-Jan-2014 19:47
Send private message

I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid

$120.00
Card number

**** **** **** ****
Delivery address

New Zealand
03 90815800
Shipping

$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.

Create new topic
BDFL - Memuneh
59053 posts

Uber Geek
+1 received by user: 10336

Administrator
Trusted
Geekzone
Subscriber

  Reply # 969453 18-Jan-2014 19:50
Send private message
13318 posts

Uber Geek
+1 received by user: 1586


  Reply # 969454 18-Jan-2014 19:54
Send private message

I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.

 
 
 
 




32 posts

Geek
+1 received by user: 5


  Reply # 969455 18-Jan-2014 19:59
Send private message

mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.

13318 posts

Uber Geek
+1 received by user: 1586


  Reply # 969456 18-Jan-2014 20:07
Send private message

TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.

BDFL - Memuneh
59053 posts

Uber Geek
+1 received by user: 10336

Administrator
Trusted
Geekzone
Subscriber

  Reply # 969470 18-Jan-2014 20:25
Send private message

mattwnz: I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


They could have gotten the email address from one of the people who won your auctions and corresponded on that address. But unless they sent emails to everyone on the person's address book the how would they know it was a Trade Me valid address?

Interesting...





698 posts

Ultimate Geek
+1 received by user: 146


  Reply # 969472 18-Jan-2014 20:30
Send private message

mattwnz:
TheHoss:
mattwnz: I didn't think it was that good, because the email address it was sent from wasn't even a trademe one. If they had used a trademe one, it would have been more convincing. But I am sure it sucked in quite a few people, especially as some may think that someone has purchased something on their account, and they will want to dispute the charge.


Yes, non TM email address was the first thing to give it away. I think the fact that the item it referred to was an XBOX would make some poor parent assume their kid has been on their TM account with their credit card, and that they would definitely want to reverse the charge.


I think I would have also looked into it more if it had been a trademe address, especially as they used the email address that I used for trademe, which isn't the normal one I use. I wonder how they got that. I did however look up the auction number to see if it was legit, but it was an auction for something else, so obviously a scam.


Don't all of these xtra/yahoo email blunders allow hackers to look at email inboxes? Perhaps they can just search for any email that mentions trademe and then launch the spam at all email address in those emails.

That way, even if you do not use that compromised email system, if you have had any trademe dealings with somebody whose email account has been compromised then your trame-email address is now known to the hackers.



2320 posts

Uber Geek
+1 received by user: 531

Subscriber

  Reply # 969526 19-Jan-2014 06:03
Send private message

I received an identical email mid last week but it was sent to my email address at work, which I have never used for Trademe - I always use my home address. However it was very convincing and had me worried for a while until I realised the address thing. I looked up the quoted ref/auction number on the real Trademe site and found it was was an actual auction but it was completed a year or so ago, was totally nothing to do with me and was for car parts or something.

gzt

9150 posts

Uber Geek
+1 received by user: 1290


  Reply # 969565 19-Jan-2014 10:06
Send private message

Scambusters is a good read for anyone who might be taken in by that http://scambusters.co.nz/scams.html

9889 posts

Uber Geek
+1 received by user: 3011

Trusted
Subscriber

  Reply # 969639 19-Jan-2014 13:54
One person supports this post
Send private message

TheHoss: I'm sure most users here would be aware not to click on links in suspicious emails but I thought the below email I received was a very good attempt at scamming me! Good on 'em for trying...

"Hi user - ID (email address went here)

Your payment was accepted for auction 'XBOX 360 4Gb Slim Console' (#408303501). The seller has been instructed to ship the goods. XBOX 360 4Gb Slim Console
Reference #
408303501
Amount paid

$120.00
Card number

**** **** **** ****
Delivery address

New Zealand
03 90815800
Shipping

$24.00 Courier for Rural Area
Seller's email


If you haven't received the goods within seven days, please let us know. If you have any problems with the goods, please contact the seller directly.

Note: If you haven't authorized this transaction ,click the link below to cancel it and get full refund.
Go to Trade Me and cancel your transaction at :
http://www.trademe.co.nz/CancelPayment/profiles/services/
Happy trading! 

The Trade Me Team 
www.trademe.co.nz"

I copied the email into a spare VM I had running and followed the links which went to a fake Trade Me site hosted on a compromised webserver. The site requested TM login details (I entered false ones which the site accepted) and then the following page requested credit card info (name, card number, ccv, credit limit) to be able to cancel the transaction.

I made sure to pass this all on to abuse@trademe.co.nz but make sure to tell your friends (especially parents with kids piggybacking off their TM accounts) to watch out for this one.


I think I would be more inclined to await the arrival of my free Xbox....!





Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UFB killer app: Speed
Posted 17-Nov-2017 17:01


The case for RSS — MacSparky
Posted 13-Nov-2017 14:35


WordPress and Indieweb: Take control of your online presence — 6:30 GridAKL Nov 30
Posted 11-Nov-2017 13:43


Chorus reveals technology upgrade for schools, students
Posted 10-Nov-2017 10:28


Vodafone says Internet of Things (IoT) crucial for digital transformation
Posted 10-Nov-2017 10:06


Police and Facebook launch AMBER Alerts system in NZ
Posted 9-Nov-2017 10:49


Amazon debuts Fire TV Stick Basic Edition in over 100 new countries
Posted 8-Nov-2017 05:34


Vodafone VoIP transition to start this month
Posted 7-Nov-2017 12:33


Spark enhances IoT network capability
Posted 7-Nov-2017 11:33


Vocus NZ sale and broadband competition
Posted 6-Nov-2017 14:36


Hawaiki reaches key milestone in landmark deep-sea fibre project
Posted 4-Nov-2017 13:53


Countdown launches new proximity online shopping app
Posted 4-Nov-2017 13:50


Nokia 3310 to be available through Spark New Zealand
Posted 4-Nov-2017 13:31


Nest launches in New Zealand
Posted 4-Nov-2017 12:31


Active wholesale as Chorus tackles wireless challenge
Posted 3-Nov-2017 10:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.