Scam scum

I had received warnings from Eartlink and PayPal that scams were going on to grab your personal information, but I didn't know how sophisticated they were until I got this email today. (Opens in its own window. Close window to return here.)

Email

I then sent out a warning to friends about this and investigated some more myself. What I learned was that when you went to the site in the email - I finally got up the nerve to do that - you found it was located here:

http://www.ebayupdate.net/

And here's what you find when you go there - please note all the information they are seeking. (Again, this opens in a new window and is just a screen capture - an image - that I've placed on my site. Well, four screen captures actually, because it is so long. ) Imagine what they could do with all this information! They are taking your identity.

Web site

Jennifer Hicks responded to my email:

i too got a few of these - mine were from paypal... following the link led me to a form (NOT in the paypal domain, fortunately) where it even asked for one's ATM pin number...

And James sent me this URL which suggests that this type of fraud - though perhaps not this one - goes back at least a year: http://128.175.24.251/ebayidtheft.htm

Don Foster suggested I do a view source on the email. I did and that gave me the site domain. (http://www.ebayupdate.net/) The firts thing I noticed was it was a ".net" rather than a ".com" domain. On the real eBay site everything I could find pointed to a ".com" domain.

I then went to a "who is" domain search at one of the hosting companies I use. The result showed the following:

domain: ebayupdate.net
status: production
organization: og triple triple
owner: Donald Stienberg
email: hitemuppinga@aol.com
address: 64 Chrissy Court
city: staten island
state: new york
postal-code: 10316
country: US
admin-c: hitemuppinga@aol.com#0
tech-c: hitemuppinga@aol.com#0
billing-c: hitemuppinga@aol.com#0
nserver: ns1.sauri.org
nserver: ns2.sauri.org
registrar: JORE-1
created: 2003-07-17 00:41:10 UTC JORE-1
modified: 2003-07-17 06:10:22 UTC JORE-1
expires: 2004-07-16 20:40:49 UTC
source: joker.com


While I assume any names are false or stolen, as well addresses (eBay is in California) , Don Foster noted the unusual spelling of "Stienberg" and did another search, this one at http://www.all-nettools.com, and found this:

SmartWhois www.ebayupdate.net (193.125.190.214)

193.125.190.0 - 193.125.190.255
EUnet/RELCOM

Tanya N. Nikonova
Relcom Corp.
4 Raspletina ul.
123060 Moscow
Russia
+7 095 1941995
+7 095 1943328
nikon@relcom.net

Oleg V. Semenyuk
"RELCOM.BUSINESS NETWORK" Ltd.
1 Kurchatov sq.
Moscow
+7 095 1941995
+7 095 1963295
olegs@Relcom.Eu.Net

I find this chilling - both in terms of what they could steal and how sophisticated the operation is. I also feel that it lowers confidence in the Internet and that angers me more, since I see the net as a wonderful way to encourage free learning and communications across the world. This kind of abuse needs to be prosecuted, but what if it's being run from another country? Can we get at the perpetrators?

Posted by Greg Stone at August 3, 2003 04:54 PM
Comments

This episode and your closing question suggest that it might be an interesting case study to use with US and the World. What are the tradeoffs we are ready/not ready to make in multilateral relationships when our citizens are prey in their own home/computer to foreign predators?

Posted by: Don Douglas at August 3, 2003 05:28 PM

I'm a bit hesitant in wanting to legislate a response to such acts, especially international. My reasons are somewhat parental. As a parent, I would never send my son or daughter out into the public square without first having the assurance that they have reached a level of maturity that they could use reason, induction and deduction, etc. to make appropriate choices on their own. But also I would want to fully educate them on the dangers of a crowded public place: stay away from strangers unless and until you have a very good reason for approaching them or accomodating their request(s) if someone approaches you, how to handle such interactions, who and where to go for help, etc.

I see the Internet as a virtual public square where many strangers of many backgrounds interact. It has elements of a public square overlapping with elements of a grand central station. Everyone who enters such a place should do so after thorough education about the proper conduct and etiquette, or under close supervision of someone knowledgeable in such settings.

By the same token, authorities should be present and highly visible. This is acheived online by having multiple contact means for ISP's, major sites, and other services. It is also comforting to know that good citizens, such as we have here, are passing along information that can serve and protect others. A secure citezen is an educated (thereby virtually armed) citezen. Remember, knowledge is power.

It also seems to me that EBay and PayPal would have the most interest in stopping this activity, for their corporate identities have already been stolen, and such activities are doing them damage even before anyone falls for the scam.

Posted by: David Soliday at August 4, 2003 12:20 AM
Post a comment









Remember personal info?