'Fiendish' Trojan pickpockets eBay users

Miscreants have unleashed a new strain of a sophisticated Trojan that targets eBay users by feeding them spoofed web pages containing fraudulent information about high-ticket purchases, The Register has learned. It has already contributed to an $8,600 loss by one eBay member. The Trojan installs a scaled-down webserver on an …

COMMENTS

This topic is closed for new posts.

  1. Gennifer Jack
    Unhappy

    From one who almost fell for the scam

    It's almost ridiculous the conversations and judgment of the user that was scammed. I am writing this from my other computer while I try to clean my now completely infected system due to this scam.

    These people that are perpetrating this scam are very slick. They list a car - legitimately, get plenty of bids and interest, requesting interested parties email them if you are serious about a purchase then remove the listing.

    A week later, the seller notifies you saying she'd been traveling on business, she's selling the car that she received in a divorce settlement and wanted to conduct the transaction securely through eBay under the guise that eBay offers Vehicle Protection Plan. The user also provides the pictures of the vehicle that was originally listed.

    BAM! That's where the hack begins. (It could have been earlier in the process but I doubt it.) The pictures are provided in a file named ThePictures.zip. I should have known better but I too have zipped files for family members whose email boxes have limits on file sizes.

    I personally responded to the seller's email with questions expressing interest and the user responded that she'd listed the vehicle and provided both the eBay auction ID and a link to the auction.

    This was a perfect scam in that the website was eBay in every sense of the word in appearance. The url was the same, layouts, etc.

    I had made arrangements with my bank but was trying to get some sort of confirmation that the vehicle existed. I felt somewhat secure in the fact that eBay offered this Vehicle Protection Plan which it stated covered my purchase. Additionally, the page stated the buyer's bank account had been registered with eBay and the funds would be held and not released until the buyer had inspected the vehicle - within 3 business days after delivery.

    I was thinking the 3 days would allow me time to inspect and if it wasn't what I wanted, I'd return it.

    I had requested information from the seller on the transportation company and was awaiting a reply when I searched eBay extensively for any information on this bank account lock. I sent an email to eBay technical support and posted a message on the discussion boards to see if anyone else knew of the 'account lock'.

    I am very grateful to the eBay Motors discussion group users for responding IMMEDIATELY to my post and providing me information on this scam. I am going to help bring this issue to light and help make those non-techie users a bit more savvy on these ploys.

    I have been notified by a couple of users who had the exact scam pulled on them within the past month, losing their money. I hate to know how many people are waiting on a car they will never receive.

    I will NEVER use eBay for any future transactions. While I believe the biggest part of the scam came with the email, it started with the original vehicle that was listed and removed. This was a vehicle that I had placed in my watched items but it never showed up... Hmmmm. PHP code right from the start?

    Oh well... I will continue to scrub my infested hard drive.

  2. Steve Roper
    Unhappy

    Treat these scum as terrorists

    While it's easy and tempting to say "don't use eBay", how long will it be before these bastards can start spoofing bank and investor websites? This has the potential to kill ecommerce stone cold dead.

    While I was impressed to see some spammers cop 25 and 30 year jail sentences, and about time, it isn't helping where the scum reside in places like Russia, China or tinpot African dictatorships. How about using "extraordinary rendition" and covert extraction ops to nail some of these bastards as well as terrorists and send them on a Gitmo holiday? If these countries don't give a shit about their citizens scamming the rest of the world, I don't give a shit about their citizens getting rendered to the gulag without trial. Better them than our own citizens living in fear of unjust rendition! Destroy our internet, lose your freedom. Maybe that will make the buggers take notice that we are deadly serious about stopping this shit.
