This may be a Ebay Scam

[FLX109]

Heads UP: First thing about it is the price, 2nd is that if you are already logged in to ebay and click on ask seller a question it wants you to fill in your ebay id information and sign in (Do not sign in), also listing seems to shake back and forth so beware unless someone here knows the seller.

eBay Motors: Dodge : Ram 1500 (item 200199952306 end time Feb-20-08 09:48:17 PST)


FLX109

 

[dave6666]

Interesting. Look at the URL. Kind of strange.

You must be registered for see images

You must be registered for see images

 

[ViperTony]

My McAfee anti-phishing software went orange alert when I clicked the the "Place Bid" fake button on the page.

 

[mad0953]

Plus the ***** can't spell....what is "..warter proof" and NV is not the abbreviation for New York. Good catch FLX109.

 

[dave6666]

My McAfee anti-phishing software went orange alert when I clicked the the "Place Bid" fake button on the page.

Is that like a green beer detector on St. Patrick's Day?

 

[DrDJ]

There's some serious scammers out there, may have fooled a lot of people into giving their information if it wasn't for the ridiculous price. Anyone try an invalid sign in?

DrDJ

 

[johnk]

If you cut the auction number from that page, go to Ebay independantly and paste it, you'll see there's no such auction

 

[FLX109]

I guess he changed the auction, there is no buy it know and you can ask a question but still a little bit suspicious.

 

[AZTVR]

I guess he changed the auction, there is no buy it know and you can ask a question but still a little bit suspicious.

A very clever scammer for sure !!! I hadn't heard of this trick before. Click on the Bid button or Ask Seller a Question button, and he takes you to a fake web page that looks like eBay's login, then steals your ID ! I've reported it to eBay. (or at least I think that I did. )

 

[slysnake]

It's called cross site scripting. A basic hackers trick. Definately stay away from it.

 

[costanZo]

It's called cross site scripting. A basic hackers trick. Definately stay away from it.

Yes.. def stay away
It's called Phishing: Phishing - Wikipedia, the free encyclopedia

 

[slysnake]

Yes, phishing is the goal. Guess I was looking ath the method.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits

 

[RoadiJeff]

I guess I don't see the scam part. I clicked on the link in the original message and read the listing.

I then opened a new window, went to ebay.com, and typed in the VIN that is in the item description and did a search. It goes right to an official eBay listing of the same vehicle.

 

[AZTVR]

I guess I don't see the scam part. I clicked on the link in the original message and read the listing.

I then opened a new window, went to ebay.com, and typed in the VIN that is in the item description and did a search. It goes right to an official eBay listing of the same vehicle.

1. What internet browser are you using ? (Microsoft Internet Explorer, Netscape, Mozilla Firefox, etc ? )
2. What add-on security software are you using ? (Symantec Norton anti-virus, etc.)

I have IE and Symantec and with my set-up the web page loads up with the fraudulent links.

When I go to the eBay auction in question, 200199952306 , it first starts to load normally, and then within a quarter second, the "fake" links load. If I hit the escape button before that quarter second is up, the "PLACE BID" and the "ASK SELLER A QUESTION" link to the correct eBay sites, and the auction number is still displayed correctly as 200199952306.

When I watch it load up completely, I can see the page change slightly and then the "PLACE BID" button changes to "BUY IT NOW" button and if I were to click it, or the "ASK SELLER A QUESTION" they now link to a ".cz" domain in the Czech Republic, or somewhere not belonging to eBay.

I have reported this to eBay twice, and they have not removed it, so, it is too clever for whoever is manning their security desk.

 

[slysnake]

It's a simple trick really. I bet the fact is they don't care enough to worry about it. When I was looking for a car I would visit ebay and auto trader. Both had several scams listed. I complained and nothing ever happened.

Here's a good example: Cars For Sale: Car Details - AutoTrader.com

This car is pure scam. I called about it several times, over several months, and it was always "We just sold it, but give me your info and we will contact you when we get something similar."

Hmmmm.... Look, it's still advertized. I complained to auto trader but nothing get's done.

Beware of scams on these sights, they are rife with them.

 

[RoadiJeff]

1. What internet browser are you using ? (Microsoft Internet Explorer, Netscape, Mozilla Firefox, etc ? )
2. What add-on security software are you using ? (Symantec Norton anti-virus, etc.)

I'm using IE6. I have Windows XP firewall and Avast AV running in the background.

Okay, I just clicked on the link in the first message again. It took me to a listing on eBay, according to the address bar. I waited for about a minute and the address did not change.

I copied the VIN then closed that window, opened up a new one and manually typed in ebay.com. I pasted the VIN from the questionable listing into the search and it went right to the same page on eBay.

Next, I closed all IE windows, ran a few spam checkers, rebooted and went directly to ebay.com and logged in and told it to keep me logged in for the rest of the day. I closed that window.

I came back to this thread and clicked on the questionable link again. This time when I went to the page it showed my eBay user name. It also showed an item that I recently purchased that I still have to leave feedback on in "My eBay". How would a spoof website know what I had bid on?

I don't think there is anything fishy going on here, other than maybe a low price. What's a 2005 Ram like this worth?

 

[ViperTony]

1. What internet browser are you using ? (Microsoft Internet Explorer, Netscape, Mozilla Firefox, etc ? )
2. What add-on security software are you using ? (Symantec Norton anti-virus, etc.)

I have IE and Symantec and with my set-up the web page loads up with the fraudulent links.

When I go to the eBay auction in question, 200199952306 , it first starts to load normally, and then within a quarter second, the "fake" links load. If I hit the escape button before that quarter second is up, the "PLACE BID" and the "ASK SELLER A QUESTION" link to the correct eBay sites, and the auction number is still displayed correctly as 200199952306.

When I watch it load up completely, I can see the page change slightly and then the "PLACE BID" button changes to "BUY IT NOW" button and if I were to click it, or the "ASK SELLER A QUESTION" they now link to a ".cz" domain in the Czech Republic, or somewhere not belonging to eBay.

I have reported this to eBay twice, and they have not removed it, so, it is too clever for whoever is manning their security desk.

Same behavior was happening to me in FireFox. They were able to script in a fake place bid button that redirected to some website. eBay removed the listing, finally.

 

[TAXIMAN1]

An Ebay scam?? No way, I dont believe it... Everything on Ebay is legit.. (eyes rolling)