phishing


ebay fake customer service scam


Score another extra large fail for sleazebay, preypal, and their paid undercover liar/moderation/censorship service, commonly known as lieworld.

Posts containing live links to obvious phake or phishing pages were made upon the paypal community forum at ebaY. Not only were they allowed to remain, but they were ‘bumped’ — not once, but twice, by two different well-known, dutiful forum ‘helpers’ or “advisors”, in two separate thread topics. The adviser/helper in the second thread shown here didn’t make so much as a peep to warn anyone.

For obvious reasons I won’t be linking to those posts, but I have screencaptures preserving the events.

[Screenshot: live_phishing_on_ebay_forums_20130317_640]

Here’s the second one where I caught the link properties:

[Screenshot: live_phishing_paypal_forum_2_20130317_640c]

It appears the website’s host has taken the dangerous site offline. At this time I get a 403 error attempting to load it. Still, there is no way of knowing how many victims were claimed due to lieworld’s shoddy ‘moderation’.

[Screenshot: PayPal Community Help Boards phishing post composite]

This type of incident has happened before. Last year a very similar thing occurred, and by golly, at least one of the very same helper/advisers kept that bumped then too. That post remained for days, but after a certain time, it was redirected to an ebaY login page. That means that anyone who already had their ebay and paypal logged in got owned (cookies stolen), while anyone without them was prompted to log in (and have their password stolen) or was unable to see (and document) the scam. This type of thing adds heavily to the notion that ebay, paypal, and/or their moderation service have a hand in the phishing. That telling event was fully documented at a now defunct ebay/paypal awareness site, and also reported on the CAPP News forum. I still have this remnant of that post etc.

Going back even a little further, I made a video which showed similar, with a nasty twist in the code used.

What makes all this extra, extra sleazy is that, when need be, such as when facing negative news or social media attention, or when obvious SEC fraud is being discussed or uncovered, ebay/paypal/lieworld can move to delete, censor, and cover up things at blinding speed!

The overriding point: ebay and paypal are not safe! Avoid it/them at all costs! Their forums are a carnival sideshow dungheap.

These people are not professional. They are dishonest. They have their priorities all wrong. They do not care about you or anything other than their share price, which they will go to any length to protect. If that means breaking the law, being extra sleazy, cheating and/or abusing you, or, through incompetence or lack of concern, exposing you to undue risks, so be it! If you get your ID stolen, hacked, have your bank account drained or whatever, they will blame you! That’s been observed and documented so many times we can’t recall them all.

I’ll leave you with a prime example of just how quickly they respond/moderate when it means something important to them.

Dec 5, 2012 05:16 AM

Returned home today to find an email from Paypal for a payment for $199.74 to eBay seller PINZOO I never made. I didn’t click any links but it was sent to my Paypal email address and addressed me by name. All email links were shown as in .ru though. No debits were shown in Paypal though and no activity shown in my bank account. My guess is if I logged in to Paypal using any of the links in the email it would have attempted the charge. This one is real looking with fake links to the resolution center even.

Ebay Members Receiving Paypal Phishing Emails Addressed to their Proper Name

I’ve been observing and documenting instances of Paypal clients receiving phishing emails addressed to their real, proper names. They seem to be on the increase.

Paypal’s “Suspicious Activity on Your PayPal Account? We Can Help” advisory page states that a genuine email from them will contain your real first and last name or your business name, thus the greatly elevated risk involved with bogus or phishing emails which include such. In effect, rank and file members (and noted cheerleaders too) are being spearphished.

[Screenshot: Suspicious_Activity_on_Your_PayPal_Account_20121205_640ce]

I’m wondering whether Paypal may update or modify that advice, along with similar statements on their recorded telephone messages people listen to while on hold for their over-burdened customer service?

The question remains: How did the scammer/phishers obtain the names? There are only so many plausible possibilities. The two most obvious which come to mind: hacking and insider issues.

If through any fault or breach of Paypal, don’t expect anything other than cover-up and denial, as their past behavior shows. (In case anyone was wondering, Yes! Paypal has been hacked! Many times over!)

Paypal has ignored and sought to cover up data leaks which posed very serious risk to users. They refused to accept or examine the data, or to notify users of the breaches. They’ve also had at least one alleged and visually documented incident of insider fraud with members’ personal info.

In the above linked discussion thread you’ll note that one poster jokes:

“Has it ever occurred to you that it isn’t phishing but just an additional funding source for JD’s retirement package ???”

But that scenario may not be too far fetched, especially in the bizarro world landscape of ebaypal these days, as any number of bona fide studies from across the gamut of independent, academia, security, and government sectors and over the years show. Here’s an excerpt from one of them:

Major Findings of the Insider Threat Study Report on the Banking and Finance Sector

… Major findings, which present examples of insider methods as well as means of detecting insider activities in this sector, include:

• Most of the incidents in the banking and finance sector were not technically sophisticated or complex. They typically involved the exploitation of non-technical vulnerabilities such as business rules or organization policies (rather than vulnerabilities in an information system or network) by individuals who had little or no technical expertise. In 87% of the cases the insiders employed simple, legitimate user commands to carry out the incidents, and in 78% of the incidents, the insiders were authorized users with active computer accounts.
• The majority of the incidents (81%) were devised and planned in advance. Furthermore, in most cases, others had knowledge of the insider’s intentions, plans, and/or activities. Those who knew were often directly involved in the planning or stood to benefit from the activity.
• Most insiders (81%) were motivated by financial gain, rather than a desire to harm the company or information system.
• Insiders in this report fit no common profile. Only 23% held a technical position, 13% had a demonstrated interest in “hacking” and 27% had come to the attention of a supervisor or co-worker prior to the incident.
• Insider incidents were detected by internal, as well as external, individuals – including customers.
• The impact of nearly all insider incidents in the banking and finance sector was financial loss for the victim organization: in 30% of the cases the financial loss exceeded $500,000. Many victim organizations incurred harm to multiple aspects of the organization.
• Most of the incidents (83%) were executed physically from within the insider’s organization and took place during normal business hours.

Paypal also sends their communiques with clickable links, despite the fact that not clicking them is the number 1 rule to avoid phishing. This has been a perennial issue.

They are, in practice and in fact, conditioning their users to be comfortable with, and presumably to click, the links within Paypal emails. What other possible reason could there be? If they did not want people to click links, there would be none to click! Ever. This is so simple a concept it really shouldn’t even need to be stated.

So why haven’t the brainiacs at Paypal considered that? Good question. I can think of millions, if not billions of reasons.
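The check a recipient has to do by hand before clicking a link in a PayPal-branded email, as an added Python example that is not code from this page or from PayPal: it parses an HTML message body, compares each link’s visible text with the host it really points at, and flags any destination that is not under the trusted domains. The trusted-domain list and the sample notice (with reserved .example hostnames) are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains a genuine PayPal message is expected to link to (an assumption of this example).
TRUSTED_DOMAINS = ("paypal.com", "paypal.co.uk")

# Constructed sample in the shape the page describes: a real-looking payment notice whose
# links show or imply paypal.com but resolve to a host that the trusted name merely prefixes.
SAMPLE_EMAIL = """<p>Dear Jane Doe, a payment of $199.74 was sent from your account.</p>
<a href="https://paypal.com.resolution-center.example/login">https://www.paypal.com/resolution</a>
<a href="https://paypal.com.resolution-center.example/dispute">Open a dispute</a>
<a href="https://www.paypal.com/myaccount">View your account</a>"""

def host_is_trusted(host):
    """True only for a trusted domain or a subdomain of one (suffix test, never prefix)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body):
    """Return (href, text, reason) for every link a recipient should not click."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        # Visible text that itself looks like a hostname or URL, e.g. "https://www.paypal.com".
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)*\.[A-Za-z]{2,})", text)
        shown_host = shown.group(1).lower() if shown else None
        if shown_host and not (host == shown_host or host.endswith("." + shown_host)):
            findings.append((href, text, f"text shows {shown_host} but link goes to {host}"))
        elif not host_is_trusted(host):
            findings.append((href, text, f"destination host {host!r} is not trusted"))
    return findings
```

Run against SAMPLE_EMAIL, the first two links are reported (display-text mismatch, then untrusted host) and the genuine www.paypal.com link passes.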

Of course the fun never ends. Look to see a well known PayPal advisor state that having your real name on a paypal email is no assurance of authenticity. Also, paypal sending back incorrect info regarding spoof emails submitted to them: http://bit.ly/UtAA9w

Yet more cross-site scripting flaws discovered on PayPal site(s)…

From Softpedia, via xssed.com

Two security researchers have independently identified cross-site scripting vulnerabilities in PayPal’s mobile and sandbox websites over the weekend, which could have been exploited in phishing attacks.

The XSS weakness on the registration.sandbox.paypal.com website was discovered by a member of the Romanian Security Team (RST) outfit, who goes by the online nickname of Nemessis.

article continues…

One vulnerability is confirmed fixed.

Please take note who is researching and reporting, Romanian bashers…

This reminds me of another incident which happened a while back. Also, if you haven’t been paying attention, it’s been reported that several smartphones are vulnerable to MITM attacks.

Romanian Detained Over eBay Cyber Fraud

Romanian detained over a $3 million cyber fraud against eBay Inc.

Very interesting article from abc news:

Romanian authorities have detained a man suspected of committing cyber fraud worth $3 million against the company eBay Inc.

Organized crime prosecutors say Liviu Mihail Concioiu is being investigated for “phishing” attacks against 3,000 of eBay Inc. employees.

They said Thursday that Concioiu allegedly stole the employees’ IDs and passwords in 2009 and accessed company files, including an application with the data base of eBay clients and their transactions. Concioiu then used “phishing” sites to access the accounts of about 1,200 eBay users.

It would appear the ebay database has been hacked, cracked, and zombied AGAIN.

(or is that still?)

Also notice how the term ‘phishing’ is constantly used. ebaY doesn’t like the “H” word it seems. But “phishing” alone does not get you access to the files and data described. We call that “HACKING”.

rotflmao! Who could imagine?

It also tells us that ebay employees must not be too savvy if they are falling for whatever tricks are being used to gain the logins etc.

No mention of any response from ebay.

With its long and repeated history of such events, you should ask yourself whether you trust this unsafe outfit with your personal and financial data.

PayPal fails to follow its own anti-phishing advice

Hilarious! This has been reported and demonstrated over and again. My only conclusion is that PayPal themselves must be behind a good deal of the phishing and attempts thereof. It’s a Pavlovian thing. (BTW, ebay still does it too.)

What other possible explanation could there be?

If ebaY and PayPal were truly interested in combatting phishing they would send emails with no html, no links etc. No one should know that and be more aware than they.

Here are some highlights from the article posted on September 9, 2010, on Help Net Security:

“According to The Register, PayPal UK has violated its own anti-phishing advice when it sent out an email containing a direct link to the updated user agreement to its users, because one of the tips on avoiding phishing scams contained in the quiz says that the users should “always log into PayPal by opening a new browser and typing in the following: https://www.paypal.com.”

PayPal confirmed that the email is legitimate, but points out that it also contains the information that the users can type paypal.co.uk into the browser if they aren’t completely sure that the offered link is safe to click on.

“PayPal does not advise people not to click on links in emails, rather to exercise caution. Users are advised to check the URL of any link to make sure it does not direct them to something unexpected, as you know they can do this by hovering their mouse over the link,” it says in their comment.

Do you trust this outfit with your personal and financial data?