
Multitasking Fraudsters

Thursday, July 19, 2007 at 2:19pm by Seth Purdy

I had a recent encounter with online fraud and social engineering that was unusually complex.

I was selling an item on eBay. The item was brand new, and retails for $250. So, imagine my surprise when I received the email announcing the auction ended with a winning price of $395!

This was followed about two hours later by another email from eBay, notifying me that the auction had been canceled due to fraudulent bidding.

I didn’t think much of it, other than being mildly frustrated at later having to relist the item and wait for another auction to complete.

The next day I received a poorly constructed fake PayPal “confirmation” email, showing that the winner of the auction had sent me funds, not only for $395, but with an additional $100 for shipping! The terms at the end were distinctly out of synch with the actual PayPal process (warning of account cancellation unless the item was shipped and tracking number sent, and the highly suspect paypaldotenquiryatOfficeEmaildotnet address specified for communications). The shipping address for the item? A location in Nigeria.

What I found interesting was that the hyperlink to the eBay item included in this fake payment email pointed to the United Kingdom version of eBay and with a completely different item number. That auction had been pulled as well by the time I received the email, so I couldn’t examine what was going on. My suspicion is that my original auction posting may have been duplicated in hopes that it would remain if the original auction was discovered as fraudulent and canceled. (BTW, kudos to eBay for quickly identifying and canceling both!)

About an hour after this fake payment message, I got an email from the “winner” of the auction:

Hot on the heels of this, I next received what ended up being the final communication:

Although the whole endeavor lacked a lot in establishing authenticity, I was intrigued by the different elements that were used in the attempt. To sum up, we have:

  1. Fraudulent bidding to push an eBay item well beyond its reasonable value, along with…
  2. Possible duplication of the auction posting in an attempt to support…
  3. A fraudulent PayPal notice, which includes social engineering elements of both additional money and threatened account suspension, followed by…
  4. Multiple communications from the auction “winner” that also include both negative (threatening to involve law enforcement) and positive (offer of possibly even more money beyond the already ridiculously inflated price) social engineering elements.

That’s a good amount of work to go through to get a hold of my $250 item! Nonetheless, I could imagine more sophisticated versions of such a multipronged fraud attack being disturbingly effective.
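
The warning signs listed above can be checked mechanically by a seller or a mail filter. The following is an added example, not part of the original post: the function and parameter names are hypothetical, and the sample message is constructed (the post does not reproduce the real email).

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the notice described in the post; all values are made up.
SAMPLE = """\
From: "PayPal" <service@paypal.com>
Reply-To: enquiry@mail-provider.example
Subject: Payment received for your eBay item

You have received a payment of $495.00 USD for item 110000000001.
View item: http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=220000000002
Ship the item and send the tracking number or your account will be suspended.
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def on_site(host, site):
    """True if host is the site itself or one of its subdomains."""
    return host == site or host.endswith("." + site)

def check_payment_notice(raw, listing_item, listing_site, max_expected):
    """Return the indicators found in a 'payment received' email (hypothetical helper)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    # 1. Replies are steered to a domain other than the claimed sender's.
    reply = domain_of(msg["Reply-To"])
    if reply and reply != domain_of(msg["From"]):
        flags.append("reply_to_domain_mismatch")
    # 2. The linked auction is on another eBay site or carries another item number.
    for url in re.findall(r"https?://\S+", body):
        host = (urlparse(url).hostname or "").lower()
        item = re.search(r"item=(\d+)", url)
        wrong_item = bool(item) and item.group(1) != listing_item
        if "ebay." in host and (not on_site(host, listing_site) or wrong_item):
            flags.append("linked_listing_mismatch")
    # 3. The stated payment is more than the real listing could plausibly fetch.
    amounts = re.findall(r"\$(\d[\d,]*(?:\.\d{2})?)", body)
    if any(float(a.replace(",", "")) > max_expected for a in amounts):
        flags.append("overpayment")
    # 4. Threat of account action unless the item ships immediately.
    if re.search(r"account will be (suspended|cancell?ed|closed)", body, re.I):
        flags.append("account_threat")
    return flags

if __name__ == "__main__":
    print(check_payment_notice(SAMPLE, "110000000001", "ebay.com", 300.00))
```

None of these checks replaces logging in to the payment account directly and confirming that the funds are actually there before shipping.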


Comments (4)

  • Omid October 25, 2008 5:31AM

    The same fake email happened to me, and I was so sure about it too fast :O. So I searched in Google to know more about that email: Pay-Paldotdotdotdotdotdotdotdotatofficeemaildotnet
    and I found this page. Very nice of you Seth, thanks mate.

  • Robert July 24, 2007 10:59AM

    Of course it was real obvious when they paid more than the item was worth. And the grammar used in the replies should have been yet another indication.
    I’ve received several spoofed ebay site, US Bank, and paypal spoof emails. Looks exactly like ebay. Even the url appears correct. I believe their link simply points to a server and the drive connection name was probably www.ebay.com.
    Just because the link address looks like www.ebay.com doesn’t mean that’s where you have been directed. Many corporate intranets use strategies to prevent you from seeing the real server name. When you open the site it might appear as www.ebay.com in the address bar but be actually directing you to something like \\204.205.15.122\j$\rippin of ebayers\mo money.
    Good idea to never login to any ebay link in an email or paypal link in an email.
    My favorite part of this guy’s attempt above was the threat to call the FBI. Oooooh scary. Maybe the CIA should get involved too. LOL

  • george July 22, 2007 10:54AM

    this is why I go after every spammer through spamcop (the original not the fake spamcop).

    George

  • mazli murshid July 20, 2007 4:46AM

    Wow… thank goodness eBay detected it earlier… I could not imagine this kind of thing happening. I’d better start taking precautionary steps on this.. anyway, good info from u Seth! ;)