Archived Blog

WBSN True Phishing Stories - eBay Motors

09.17.2008 - 1:30 PM

Websense Security Labs routinely receives stories of phishing scams. We wanted to share the story with you as online auction phishing scam are a common occurrence and we hope you can learn from this victim’s mistake.

This is a true story of a victim, hooked by an online eBay scam. The scam works as a “for sale” post on eBay and usedboats.com. This is a scam where victims are hooked and reeled into making a deal with the seller and involves a storyline that is almost too good to be true.

The process is interactive through emails and phone calls, with the buyer and seller engaged in communication, including the exchange of picture[s] and information. The buyer is reeled in by the ease of open communication, and is lured into becoming more interested in making the purchase. The first response letter appears to be automated and pushes the buyer into using a spoofed eBay site (http://purchaseprotection-e-bay.com)- almost identical to eBay’s Vehicle Purchase page: (http://pages.motors.ebay.com/buy/purchase-protection/index.html?_trksid=m37).

Fake eBay Site:

Automated Reply Letter:

To the unknowing buyer, the site appears to be genuine. The seller is persuasive, pushing the use of the service to keep the money “safe” both for the buyer and for the seller, attesting that the site is the best option due to its nature of protection for both parties involved. The seller assures the buyer that the money is held in a neutral account and is insured.

The phish URL is deceiving, appearing to be legitimate, but it does not have any affiliation with eBay. It is registered through a service used to keep the anonymity of the owner and is called “Domains by Proxy”. Domains by Proxy, Inc.

DomainsByProxy.com
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: PURCHASEPROTECTION-E-BAY.COM
Created on: 20-Jun-08
Expires on: 20-Jun-10
Last Updated on: 20-Jun-08

The seller went as far as to create a fraudulent notarized invoice as well as a phony bill of sale. The delivery date came but the product was never delivered. An email from the buyer is sent to support@purchaseprotetion-e-ebay.com and gets he receives this response in return:

Response Letter:

Fake eBay Invoice:

Bill of Sale Notarized:

Cyber crime is on the rise and getting quite sophisticated. This scam demonstrates the extent of work a thief is willing to commit. It takes a savvy surfer to avoid falling prey to these kinds of situations. Just about anyone can be tricked in using a spoofed URL. A quick glance may look very similar to the real address, be careful and verify the link by going to the site manually.

Websense Security Labs sees many of these scams everyday and works closely with the Anti-Phishing Working Group to identify new phishing and fraud based threats. The Anti-Phishing Working Group collects information about email fraud and phishing activity on the internet. This information is analyzed, compiled, and published into "The Phishing Activity Trends Report". This monthly publication offers information such as trends in phishing activity including the most targeted industries and brands. Customers of Websense are protected from these sites.

Security Researcher: Jack Rasgaitis

Bookmark This Post: