PDA

View Full Version : Hackers have your fun!



Demon_Mustang
12-24-2004, 01:36 AM
Hey guys, my sister recently received this email claiming to be ebay needing to "verify" her credit card information. Well, obviously, it's a fake, but it looks completely real. Well, here's the link, if any of you know how to screw these people over, here is their address, including the actual ip address of the server.

BTW, I already reported this to ebay, so no need to suggest that.

NOTE: DO NOT PUT YOUR REAL LOGIN OR PASSWORD! THIS IS FAKE!
http://203.79.215.201/.~/ebay.com/RegDllUsers/reeval.procedure/SecureSignIn.html

Anyway, you could put anything you want in there and it'll claim your login was successful.

But if any of you know how to "hack" into that ip and maybe crash their server, or worse, knock yourself out.

Or if you know an actual law enforcement agency that can actually take legal action against those involved, please help yourself in reporting this.

Demon_Mustang
12-24-2004, 01:36 AM
Hey guys, my sister recently received this email claiming to be ebay needing to "verify" her credit card information. Well, obviously, it's a fake, but it looks completely real. Well, here's the link, if any of you know how to screw these people over, here is their address, including the actual ip address of the server.

BTW, I already reported this to ebay, so no need to suggest that.

NOTE: DO NOT PUT YOUR REAL LOGIN OR PASSWORD! THIS IS FAKE!
http://203.79.215.201/.~/ebay.com/RegDllUsers/reeval.procedure/SecureSignIn.html

Anyway, you could put anything you want in there and it'll claim your login was successful.

But if any of you know how to "hack" into that ip and maybe crash their server, or worse, knock yourself out.

Or if you know an actual law enforcement agency that can actually take legal action against those involved, please help yourself in reporting this.

teebus
12-24-2004, 02:14 AM
I posted some seasons greetings in the form on that site! http://forums.ubi.com/images/smilies/16x16_smiley-mad.gif

Oh yeah- and I reported them to the FBI and found out the following on IPWHOIS:

Result for 203.79.215.201
--> /usr/local/bin/fwhois 203.79.215.201@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 203.79.192.0 - 203.79.223.255
netname: APOL
descr: Asia Pacific On-line Services Inc.
descr: Internet Service Provider
descr: Taipei, Taiwan
country: TW
admin-c: AA91-AP
tech-c: AA91-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-TW-APOL
changed: hm-changed@apnic.net 20021217
status: ALLOCATED PORTABLE
source: APNIC

person: Admin APOL
nic-hdl: AA91-AP
e-mail: adm@apol.com.tw
address: 8F,No19-5,Sanchong Rd.,Nankang Dist.,Taipei,Taiwan,R.O.C.
phone: +886-2-55813300
fax-no: +886-2-26551515
country: TW
changed: adm@apol.com.tw 20021104
mnt-by: MAINT-TW-APOL
source: APNIC

teebus
12-24-2004, 03:39 AM
They replied extremely quickly, and said:

"THIS IS NOT AN AUTOMATED RESPONSE

Thank you for your submission to the FBI Internet
Tip Line. The FBI's Internet Fraud Complaint
Center (IFCC) has seen a steady increase in
complaints that involve some form of unsolicited
e-mail, such as the one you received, directing
consumers to a phony "Customer Service" type of
web site. That scam is contributing to a rise in
identity theft, credit card fraud, and other
Internet frauds.

"Spoofing" or "phishing" frauds attempt to make
Internet users believe they are receiving e-mail
from a specific, trusted source, or that they are
securely connected to a trusted website, when that
is not the case. Spoofing is generally used as a
means to convince individuals to provide personal
or financial information, which enables the
perpetrators to commit credit card/bank fraud or
other forms of identity theft. Spoofing also
often involves trademark and other intellectual
property violations.

The FBI offers the following tips for Internet users:

* If you encounter an unsolicited e-mail that
asks you, either directly, or through a website,
for personal financial or identity information,
such as Social Security number, passwords, or
other identifiers, exercise extreme caution.

* If you need to update your information online,
use the normal process you've used before, or open
a new browser window and type in the website
address of the legitimate company's account
maintenance page.

* If a website is unfamiliar, it's probably not
real. Only use the address that you have used
before, or start at your normal homepage.

* Always report fraudulent or suspicious e-mail
to your Internet Service Provider. Reporting
instances of spoof websites will help get these
bogus websites shut down before they can do any
more harm.

* Most companies require you to log in to a
secure site. Look for the lock at the bottom of
your browser and "https" in front of the website
address.

* Take note of the header address on the
website. Most legitimate sites will have a
relatively short Internet address that usually
depicts the business name followed by ".com" or
possibly ".org". Spoof sites are more likely to
have an excessively long string of characters in
the header, with the legitimate business name
somewhere in the string, or possibly not at all.

* If you have any doubts about an e-mail or
website, contact the legitimate company directly.
Make a copy of the questionable web site's URL
address, send it to the legitimate business and
ask if the request is legitimate.

* If you've been victimized by a spoofed e-mail
or website, you should contact your local police
or sheriff's department, and file a complaint with
the FBI's Internet Fraud Complaint Center at
www.ifccfbi.gov (http://www.ifccfbi.gov).
We encourage you to share this information with
your friends, family and co-workers, and encourage
them to submit information they may deem of
interest to the FBI."

Demon_Mustang
12-27-2004, 01:27 AM
You know, I was actually in the process of filing a complaint to them, but halfway through the form, I thought this was only if you've actually been victimized and is looking to regain lost funds of something due to fraud, we never really fell for this email, so I just stopped filling out the form. Hm, maybe I should have simply filed it and let them take a look at that url... But I'm sure you've already given it to them right?

teebus
12-27-2004, 02:30 AM
Yes... And they said that they do appreciate people warning of "phishers" even if they are not affected by the "phishing attempt" themselves.