Won’t get fooled again …


No, this post has nothing to do with the early 1970’s song by The Who, but with the bad practices by some on eBay. You may remember a previous post last week when I got caught by a fake seller. My, I suppose it’s greed, led me to purchase an item that turned out to be from a compromised site. The good news is that I got a refund more or less the following day.

Well, today was something different. I am nearly ready for some more ink for my printer. I tend to buy it from the same seller each time. It’s a competitive price and the seller sends me an envelope so that the empty cartridges can be recycled. So I was checking to see if his price was indeed a good bargain and looked at the ‘suggestions’ at the bottom of the page. They all seemed to be in roughly the same price bracket of between £18.00 and £20.00. Then I spotted one at £5.00! It was being sold, supposedly by a well renowned and respected seller called Car****ge K**G. The stupid thing was that at the side of what I knew to be a fake were cartridges sold by the genuine Car***ge K**G selling at £19.49. After about 10 minutes hunting around the site and a quick search on Google, I was able to locate the method of reporting the seller.

The difference this time was that the seller had set up a fake profile and used images from the genuine seller, whereas the previous time, the genuine account had been compromised. I’m told that both methods are so easy to do. For a compromised site, it is usually a site that has not been used for a while. Maybe set up to make a single private sale and never used again. The second method, anyone can do. You simply set up an account and start conning people.

Note to eBay: maybe have a look at some price comparisons. You may be surprised.

Twice in as many days …


It’s beginning to get a little annoying now. This morning I got the second spoof email purporting to come from PayPal. Yesterday’s was quite convincing if it had not been for the two spelling mistakes. A casual reader may not have spotted ‘bellow’ instead of ‘below’ and ‘passwurd’ instead of password. Inviting me to click on the link ‘bellow’ to cancel the payment and change my ‘passwurd’ as a precaution. They had managed to get my email right, but did not include the usual checks that PayPal have in place. Today’s was just an obvious spoof. Easily spotted by the way it was addressed “Dear (insert username here)” at the beginning of the email text.

Now after working in an IT scenario for a number of years, I’ve become quite adept at spotting when an email looks wrong, but many people would have believed the first one. I have heard of people clicking these types of links and getting their personal payment details stolen.

Of course I report these kinds of phishing emails, but I’m not sure anything gets done. I usually get an email back a day or so later, thanking me for reporting them and advising me to check my account and change my password. I add the address to my blocked list but the next time it will come from a different address. K*** gets many emails that look like they have come from AT&T that are fake. They usually start with “ATTCustomerCare@”, but then the next part of the address is so obviously false. Again, I have reported these to AT&T, but they don’t even respond. All a little annoying.

Update – I have just had a reply about the second spoof email. Even though there were over 100 intended recipients and even though the email was addressed badly, PayPal have deemed it not to be fraudulent. I have asked them to take another look.