posted on October 30, 2005 06:23:58 PM new
My wife was fooled by an e-Bay phishing scam. We changed our e-Bay password. Our PayPal was different than e-Bay, but we changed it, too.
In reviewing My e-Bay screen, all I can see that might have been accessed is my bank Routing Number, my name & address.
What can these scam artists do with the limited information they might have accessed? (Checked our bank - all still looks ok there, too)
Thanks.
posted on October 31, 2005 03:58:47 AM new
Does clearing your cache and cookies get rid of keystroke stealers? If so I am going to do that every time I turn around just to make sure! Seriously! That's my biggest fear.
-------------------------------------
posted on October 31, 2005 05:49:47 PM new
GOSH I was hoping glassgrl would come in here and verify my idea ... she is busy elsewhere I guess ...
answer to classic: keystroke stealer/ keystroke virus can track your every move you type onto your computer keyboard, thus getting your ID names and passwords to the various sites you do business with.
posted on October 31, 2005 06:06:45 PM new
A keystroke logger is actually a Trojan horse virus. It will deposite itself initially in your temporary internet files. Once there, it will open and infect the necessary files to achieve its intended purpose. A good AV program is the only way to prevent one in the first place. Even then, they can sneak in. I once did a scan and found one that was in my temporary internet files. It had not yet had a chance to fully load itself onto my hard drive. The bad thing about Trojan viruses, is they are very easy to conceal in a .jpg image. Simply opening a jpeg image on a web site, even Ebay, is very similar to opening a .zip file attachment and can infect your computer. An AV program, updated daily, is the only protection you have against these critters if you are going to get on the internet. Even then, frequent scans are highly recommended in the event one sneaks through.
A $75.00 solid state device will always blow first to protect a 25 cent fuse ~ Murphy's Law
posted on October 31, 2005 06:06:59 PM new
it's actually called a "keystroke logger." and no, clearing one's cache and cookies doesn't get rid of this type of malware, which is esp. dangerous from an identity theft standpoint.
but running a good mixture of anti-spyware type programs such as spyware doctor (commercial, but i highly recommend it), spybot search & destroy (free), spyware blaster (free), ad-aware (free) and anti-virus programs (norton's and f-prot are the two i like) and online checkers such as housecall and/or panda should keep the bases pretty well covered. you'll have to google the urls unless someone else wants to post them...i have a splitting headache and need to go rest. free is nice, but some of the commercial programs like spyware doctor and f-prot are worth their weight in gold at preventing problems.
microsoft has an anti-spyware program that you can download for free, too. it's still in beta mode but seems to work well on my system.
every friday while doing other things, i run through a total of about 12 different free and commercial programs, such as the ones listed above, to check for any problems. i run them in the background and go on about my business. also, check for windows updates, esp. the security patches. they usually come out on tuesdays.
posted on October 31, 2005 06:08:40 PM new
addendum - and keep things like norton's, windows anti-spyware, spyware doctor, etc. running in the background when you're online! but you don't want to run norton's and f-prot both at the same time. nite nite
posted on November 1, 2005 08:01:59 AM new
I received an email just this morning..Question from Ebay Member..."I'm still waiting the package to arrive. What happened? Please mailme ASAP or I will report you to ebay." There was no item number or mention of what their item was. There was a respond button and...yes... I clicked it. Immediately, a big pop-up window from AOL told me that the origin site had been recognized as a phishing site and suggested that I NOT go there. I didn't.
My question IS....do all emails from "Ask the seller a question" have the item number??? This is the second one I've received like this with no mention of item or number. The first I just ignored because it was a stupid question.
posted on November 1, 2005 08:23:31 AM new
annekila
I get those emails as well asking about some listing. If you want to you can go to properties/details and you will see the sender was not ebay etc.
I send the first few to [email protected] and they always came back as non legit.
The best way is to go to your "My EBAY" page and see if there are any messages. If it is there then is legit, if not it is a fake.
You can answer from there as well (recommended) and even exclude your email address if you wish.
posted on November 1, 2005 08:24:52 AM new
agmay
How did you know it was a phishing scam? Did she click a link or reply to the email.
I have been getting a weird message when trying to reply directly to a question from a buyer - so I know it was a legit email - but I get a message about a worm??
I'm afraid to email anyone any more.
posted on November 1, 2005 12:02:33 PM new
Thanks, David. From now on, I'll do everything from My Ebay. I was really suprised, though, that AOL caught it and warned me. It must be a new feature of theirs.
posted on November 1, 2005 12:21:25 PM new
annekila, I received the exact same email a few days ago & clicked on it too, even answered it. The buyers user ID was rivernick. There was no auction number.
I didn't recognize it, bur recently had a package lost in the mail which came back to me. I corrected the address & sent it on.
I thought the email was from the buyer probably using her husband's account & that's why I answered it. I thought the package might be lost again since she hadn't left FB.
So what can be gained by a scam like that if you should be fooled into answering???
I didn't have to use my password & now wonder if I should be worried.
It it were not for that lost & found package I would never have answered.
posted on November 1, 2005 10:13:50 PM new
sparkz:
Actually, the bank routing number & account number on a check can be used to create fraudulent instruments...usually as "demand drafts".
I covered this specifically on a show several weeks back re Qchex, an on-line service that lets anyone with a routing number / account number create checks.
"Demand drafts, also known as "remotely created checks," have become such an attractive target for criminals of late that the Federal Reserve in February proposed a new set of rules to govern them. And the National Association of Attorneys General in April called on the Fed to place an outright ban on demand drafts, citing increased fraud.
"The fact that a stranger can pull money out of a person's bank account using only the numbers at the bottom of his or her check is not commonly understood," the group wrote to the Fed, commenting on the proposed rules change. "Complaints about unauthorized bank debits are believed to be grossly underreported, perhaps because of the lack of public awareness of this type of bank account vulnerability."
I've been using snoopfree for a couple of months and like it. I'm surprised at how many programs want to "hook into" your keyboard. It's totally unecessary for the most part - only unless you need "hot keys" to operate the program.
vintage: spyware blaster is not an anti-spyware program per se - but I wouldn't have a computer without it. I would call it totally necessary.
"Spyware, adware, browser hijackers, and dialers are some of the fastest-growing threats on the Internet today.
By simply browsing to a web page, you could find your computer to be the brand-new host of one of these unwanted fiends!
The most important step you can take is to secure your system. And SpywareBlaster is the most powerful protection program available.
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer.
SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web."
And Sparkz - Quote: "Simply opening a jpeg image on a web site - "
Let's clarify that. You don't have to OPEN anything. All you have to do is visit the web page. I saw one yesterday that AVG said VIRUS or TROJAN (whichever) and I have AVG programmed to immediately block it, discard it and close the web page. So it's easier than you think to get into trouble.
posted on November 2, 2005 12:17:37 PM new
Hey!!! ... ol' rivernick sent ME one of those too! (but I've gotten so many of those "question to seller" spoofs that i KNOW to ignore them.
...
