Page 2 of 5 <12345>
Topic Options
#6643913 - 04/26/13 10:12 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Sqeggs]
SOTIcollector Offline
Talkative?


Registered: 07/30/10
Posts: 635
Loc: Massachusetts
Same story here. I got the phishing email and I was pretty sure it was a scam. But unlike most scams, it contained my actual eBay ID and my real name. Of course, if it were a real offer for a CGC 7.0 Phantom Lady 17 for my thrill bid price of $1600, I would have jumped on it. I immediately called Sparkle City, and the gentleman I spoke with (I didn't ask his name) confirmed that the email was a spoof.

I've watched Sparkle City's auctions from the sidelines, but I'm pretty sure I've never bought anything from them. So while it's conceivable they could have my real name, it's extremely unlikely. It seems to me far more likely that the scammer hacked eBay than Sparkle City.
_________________________
Steve O'Day, the SOTI guy

*****************Always looking for items related to the comic book censorship movement of the 1940's and 50's.****************************


I just gave away a FREE copy of Seduction of the Innocent! I gave it to a boardie for finding TWO of the undiscovered SOTI comics. Read about it here!

My kudos thread
My eBay feedback
My Website, MyComicArt.com

Top
Share
#6644201 - 04/27/13 12:13 AM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Sqeggs]
Hoarder Offline
The Collectinator


Registered: 10/05/11
Posts: 379
Oh boy. I got one of these for that superman 1 coverless that was on eBay a short while go
Top
#6645241 - 04/27/13 02:47 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Hoarder]
SOTIcollector Offline
Talkative?


Registered: 07/30/10
Posts: 635
Loc: Massachusetts
I was wondering how widespread this is. By simply Googling the dirtbag's email address, I found that the same scammer is trying the same scam with baseball cards, watches, and other stuff over $1K.

Scammer mention at Butterfly Labs

Scammer mention at BlowoutCards

The same scammer has been at it at least since April 4, according to the posts at Net54Baseball.com

Why stop at baseball cards and comic books? How about scamming for a nice Rolex watch?


In each of these cases, the scammer knows information about bidders (email addresses, prior bid amounts, eBay ID's) that should not be readily available to the pubilc. In each case, the scammer is tied to the same email address. The evidence seems pretty compelling. Is there any possible explanation for all this OTHER than concluding that eBay's "security" has been hacked in a big way?


Edited by SOTIcollector (04/27/13 03:05 PM)
_________________________
Steve O'Day, the SOTI guy

*****************Always looking for items related to the comic book censorship movement of the 1940's and 50's.****************************


I just gave away a FREE copy of Seduction of the Innocent! I gave it to a boardie for finding TWO of the undiscovered SOTI comics. Read about it here!

My kudos thread
My eBay feedback
My Website, MyComicArt.com

Top
#6645319 - 04/27/13 03:17 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: SOTIcollector]
Sqeggs Offline
Pedigreed


Registered: 05/24/08
Posts: 6004
The second chance scammer e-mail I received was on April 4, which may be when he started.

An e-mail I received today from eBay has the usual statement: "Your registered name is included to show this message originated from eBay."

The e-mail I received from the scammer also had my registered name. So this security message is no longer valid.


Edited by Sqeggs (04/27/13 03:18 PM)

Top
#6645638 - 04/27/13 06:21 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Sqeggs]
brendanb438 Offline
I was posting here when you were in diapers.


Registered: 03/06/11
Posts: 3760
Loc: Cincinnati, OH
Yeah based on Googling that info it is safe to say eBay is the source of all of your info getting out.

Someone needs to call and escalate the call right away to someone in their Safe Harbor (or fraud dept by whatever name it goes by these days) and demand a manager.

Throw out the threat of lawsuit if you have to if the first rep won't escalate the call. This is some seriously bad *spoon* for this type of info to be now in the hands of this scammer.

Top
#6645957 - 04/27/13 08:35 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: brendanb438]
Doohickamabob Offline
TOTAL NEWBIE


Registered: 03/18/09
Posts: 6677
 Originally Posted By: brendanb438
Yeah based on Googling that info it is safe to say eBay is the source of all of your info getting out. Someone needs to call and escalate the call right away to someone in their Safe Harbor (or fraud dept by whatever name it goes by these days) and demand a manager. Throw out the threat of lawsuit if you have to if the first rep won't escalate the call. This is some seriously bad *spoon* for this type of info to be now in the hands of this scammer.

I don't think threatening a lawsuit to some lackey at a call center is going to make much of an impression, but one thing that will make an impression is if lots of people call eBay and report the activity, ask questions, and make the support staff spend time addressing the issue. Sooner or later the management will figure out they have a real problem.

I don't know that much about technical issues, but it is still possible that somebody is operating a sophisticated hacking/phishing/spoofing scheme from outside of eBay, as opposed to there being a security breach of eBay itself or from within eBay. It would take a lot more effort than the average hacker/scammer, but it could be done.

First the hacker would have to hack as many eBay accounts as possible, simply by using standard password-guessing programs and focusing them on sellers with high-value items, or buyers who have made high-value purchases. After a while the hacker could have a pretty good database of account passwords, which is why everybody (buyer and seller) who has been targeted by these scams should change their eBay password.

From that database, the hacker could then run a process that links each eBay account to its corresponding bidding activity, such as the little "t***7" or "m***4" type codes that show up when people bid. It would be easy enough to use some sort of data-mining process to find out whenver one of the people whose accounts you've hacked has placed a bid on an item.

From there it would be a matter of verifying that the bidder did not win the item, and then writing a process that sends spoofed emails offering a 2nd-chance purchase. The email address, person's name, and all their related account information (address, etc.) would be available. This is especially true if the person hacked is a seller, since there are ways to request contact information about anybody with whom you had a transaction. If any seller you've ever purchased from has been hacked, it is possible that you could be targeted for a spoof/phishing attempt that used your real name, email address, and even shipping address.

What I don't understand is how this person has been able to run this scheme for nearly a month without repercussion. No doubt eBay has received reports about this for a while now, and if they're good at investigating scams then they should have been able to obtain the person's email address and the bank routing information sent when people say they want to make the 2nd-chance purchase.

I would think this sort of fraud would merit high-level law enforcement, since it crosses both state lines and international borders. The FBI and Interpol ought to be on the case, and there ought to be a way to follow the money when bank transfers are made. (Then again....the banking system is more powerful than most any government agency...and subpoenas etc. take a long time...) I would also hope Google would aid investigations by supplying law enforcement with IP addresses where email activities could be traced, but again that would require somebody being on the ball and actively pursuing the case in a non-lackluster fashion.

I'd personally like to catch this type of scammer and kick him in the teeth.


Top
#6646310 - 04/27/13 10:55 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Doohickamabob]
RareHighGrade Online   content
The Post-man always rings twice. Uhm... ring ring?


Registered: 06/09/03
Posts: 1824
Someone who actually falls for the scam might be able to make a difference if he sued ebay and established that (1) the scammer got the private info from ebay, and (2) ebay was on notice of the problem (which it is now), but did nothing to protect its users. That would be a pretty good case and could even form the basis for a class action.
Top
#6647031 - 04/28/13 09:22 AM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: RareHighGrade]
Sqeggs Offline
Pedigreed


Registered: 05/24/08
Posts: 6004
It would be helpful if Sparkle City would come back to this thread, which they started, and let us know what -- if anything -- they've learned from eBay about this episode.

It would appear that either they were hacked or eBay was hacked.

Top
#6647597 - 04/28/13 01:53 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Sqeggs]
Fallsview Offline
I am gonna miss that car.


Registered: 03/26/11
Posts: 215
 Originally Posted By: Sqeggs
It would be helpful if Sparkle City would come back to this thread, which they started, and let us know what -- if anything -- they've learned from eBay about this episode.

It would appear that either they were hacked or eBay was hacked.


+1

Top
#6647884 - 04/28/13 03:57 PM Re: Heads Up on Phantom Lady #17 2nd chance offer spoof email [Re: Fallsview]
SparkleCityComics Offline
The Collectinator


Registered: 08/26/11
Posts: 347
Loc: NY/NJ
All of the information we have received so far has already been covered on this thread by others. I wish we knew more, but we don't. eBay suggested that to play it safe we change our passwords, this was done as soon as we learned of the phishing emails. Security checks on our internal systems have all been clear and there is no additional evidence we can see of our accounts being compromised or tinkered with.

Our original assumption was that our account somehow got hacked. The fact that this same person has been running this scam throughout ebay with various sellers/product does add a new dimension to things, but I think Doohickamabob is probably on the right track. I would imagine that it would take a high level hacker to crack eBay itself.

During our preliminary conversation with eBay we were told that if an account is ever hacked, the hacker would not have access to any billing, credit card, paypal, etc.. information. I think it's safe to assume that receiving one of these emails does not mean someone got your login info, etc.. Never a bad idea to change your passwords though, we do this on a regular basis.

Top
Page 2 of 5 <12345>


Moderator:  plitch, Gemma, cgcmod, cgcmod2, Harshen, cgcmod3, dena, cgcmod5, cgcmod4, cgcmod6, cgcmod7, CCGmod0, cgcmod8, Barbara T, Matt Nelson, cgcmod9, cgcmod10, cgcmod11, cgcmod12, ccgmod1 
Hop to:
Boards Information
Please read the
TERMS OF USE - BOARD GUIDELINES
for the rules of moderation on the boards.



Search
The Money Marketplace
GOOD COINS FOR SALE REASONABLE PRICES
by wmfielding
Yesterday at 08:23 AM
WTB - Beautifully Toned 1964 MS Lincoln Cent
by mikew148
Yesterday at 12:50 AM
CAC 1795 Half Dime & Dollar! GOLD! 1877 $20 NGC AU58, $50 Buffalos, Baseball Unc
by AnkurJ
08/21/14 10:58 PM
My 19th century listings at Great Collections - silver and gold.....
by Hard Times
08/21/14 08:33 PM
Comics Marketplace
Toasty Aftermath and Giveaway!
by Designer Toast
26 minutes 59 seconds ago
Spider-man Sale - Bronze Readers
by Scturo
42 minutes 14 seconds ago
A Few Slabs - Universal & S.S. - Manifest Destiny - East of West + Freebies
by AntBrown
Today at 12:23 AM
Kaholo's Amazing Houston sale -
by kaholo1256
Yesterday at 11:11 PM
Advertisements

Generated in 0.016 seconds in which 0.002 seconds were spent on a total of 14 queries. Zlib compression enabled.

IDW Publishing Aspen Titles