Scam? But how??

Amba_Gambla

Hi
my mother got this email this week.... we both immediately thought it was some sort of spam/scam, but can't work out where the scam bit is......

CNS: Fraud Alert! Read carefully!

Hello,

We are writing to alert you to an incident which involved your email address. A little more than an hour ago, someone using a stolen credit card number signed up for hosted services on our network and began sending bogus ebay notices. The notice claimed to be from "Marina", with a question about an ebay item. The purpose of this notice was to steal your ebay password. By clicking on the button to respond to the ebay notice, you would have been redirected to a site disguised as ebay and specifically designed to steal your ebay password.

This activity was identified by our rapid response team here at Commercial Network Services. We immediately logged into the phishers virtually hosted server and caught them in the act of sending these fraudulent messages. While we put a stop to it as quickly as possible, but we believe thousands of messages had been sent.

We have seized the phishers email list and are sending this message to that list - you - to alert you to this activity. If you received a message claiming to be from an ebay member and inquiring about an item - DO NOT RESPOND TO THE NOTICE! Instead, if you believe it is a legitimate notice, manually enter the ebay URL into your browser. It is very important you do not click on the "respond now" link contained inside the message as it will not take you to ebay!

If you received this notice and clicked on the respond link, we strongly recommend you logon to your ebay account * by manually entering www.ebay.com in your browser * and change your password immediately.

You should also be cautious in the future in that we know a phisher has your email address. Please be very careful when receiving future notices like this one. The best practice is to always visit the site in question by entering the URL manually in your browser and not clicking on the link contained in the message.

Commercial Network Services is a 12 year old online service provider. We service a variety of online businesses from big to small. Our services include web and email hosting, virtual servers, streaming media, e-Commerce and much more. It is our intention to be a good online neighbor by responding to these threats as quickly as possible.

Sincerely,

Rapid Response Team,
Commercial Network Services
San Diego, California

www.CommercialNetworkServices.com

All I can think of is that it is a clever(?) marketing ploy for teh company involved....

anyone any other ideas???

HARDM2000

Personally i can't see anything wrong with it, they are'nt trying to redriect you to anything and the information contained within it is common sense. If youre really that bothered just delete it.

Lorian

At a quick glance this does look bona fida.

http://www.commercialnetworkservices.com/support/SecurityAlerts/ebay-Phisher-02-04-07.htm

Sparky29

This is not fraud as they aren't asking you for any details or asking you to do anything other than change your ebay password by going to the website directly (not through links). The advice they actually give:

Quote

"The best practice is to always visit the site in question by entering the URL manually in your browser and not clicking on the link contained in the message."

is actually good advice as any link can be named what you want, even resembling the address of a genuine web site but really re-directing you to a spoof site.

Avoriaz

As you say it could be a marketing ploy or it could just be an attempt to verify your email id.

I am always suspicious of anything like that, even if the intentions appear to be honourable.

Personally I would just delete it and forget about it. Don’t respond or reply.

The advice is sound but I know that already.

TheFaqqer

The only thing I can think of is if there was an attachment (or something that ran when you opened the email) which modified the hosts file on the computer. This could redirect the address to a different computer.

On XP, look at the "hosts" file in C:\WINDOWS\system32\drivers\etc and see if there is anything that points to https://www.ebay.com If there is, then that's the scam.

Faqqer

Astaroth

As long as there were no attachements and the https://www.CommercialNetworkServices.com link was actually what the link was too and not either something else nor any extra bits added after the .com then it just looks like a strange email and potentially a marketing attempt

ollyk

too clever for my liking - to much miss-direction and emphasis on entering address manually (most know this by now) I would strongly suspect a little trojan is sitting on your puter somewhere although I could be wrong....
Can you not change ebay password on another machine?
also are your virus scanners / ant thisandthatware up to date?

heuscher

I would say its completely legit. All they are doing is informing you that someone has used their services fraudulantely and you were being targeted. They would have your details, and its in their interests to ensure you are informed of the attempted scam so can protect yourself.

There's no underlying marketing ploy / scam there... well... assuming no dodgy attachments/images etc. Although, its not uncommon to have 'anti scamming' scam emails.

Alfie_E

Amba_Gambla wrote:

anyone any other ideas???

You have to appreciate that there’s a very different attitude to security breaches in California when compared to here. There is law that mandates disclosure in very specific circumstances, although not one like this. There is far more of an expectation that companies disclose security breaches. It could potentially be very expensive for a company in civil court, if they were found liable because of a failure to disclose.

sweven

Seems not to have been a scam - found this on another forum

Hello,

I am the owner of Commercial Network Services and found this forum by reviewing our web site traffic reports. I have been following the comments posted on the online forums and emailed directly back to us with great interest. I never imagined such a response, but I can say it has been about 90% positive.

First, let me say the message we sent out to 300,000+ people was indeed legitimate. The message went sent out explained what happened, but I will briefly review it one more time and then add a few more comments.

Early on January 4th, someone signed up on our network for a virtually hosted server using a stolen credit card. Our new orders are provisioned within minutes, so it did not take long for them to upload their bogus ebay page (the email body), their list of 300,000+ email addresses and an email mass mailer called “dark mailer”.

Meanwhile, our Rapid Response Team was already tracking the order because it had triggered certain concerns with the order itself. We contacted the ‘card member’, who knew nothing about the order. We then contacted the bank and alerted them to the fraudulent use of their credit card. At that point, one of our sys admins logged into the virtually hosted server and found the person was actively logged onto the console and had their mass mailer running – sending out fake ebay notices to contact a eBay member about an item. It was obvious what was happening.

Many of you will ask why we didn’t do something to physically catch the person. The short answer is it’s nearly impossible. They were coming in from a hacked ISP account, which in my experience was probably relayed from another hacked account, etc.. It’s just not possible. We sent a desktop message to the person, who tried to log us off of our own network (also impossible). At this point, we locked out the person and stopped the mass mailer from sending any more messages.

We now had a new problem on our hands. We knew that a few thousand messages had gone out from the list, but we had no way of knowing which email addresses on the list were affected. We also knew that the phisher was simply going to signup on another ISP’s network and send to the same list. We also don’t want our network used as a safe haven for phishers. So what did we do? We hit him back where it hurts – by rendering his entire list of 300,000+ email addresses useless.

We hope that by sending an alert to his entire list, all 300K+ of the people on that list will not fall to his scam. We realize it is a tall order, but no doubt he is on that list and knows exactly what we did. By doing this it lowers the likelihood that our network will ever be used to scam innocent people – they now know we mean business and will hit them right back where it hurts. They rely on people not knowing better, so in this case I feel education is the best weapon.

Many of you will ask why we didn’t contact eBay directly (we have no relation to eBay whatsoever). The short answer is if we had done that, we would still – 2 days later – be waiting on a response. In fact, many of you did contact ebay but we have not heard a word from them. This has been our experience with eBay. Incidentally, we tried to process a $10 authorization on the same credit card several hours later and found the bank had still not suspended use of the stolen credit card. I hope you can see that in this business, if you need to act fast then you need to take on the responsibility yourself – which is exactly what we did.

We received a few hundred replies. Most of them were very positive, but some were mean and obscene. We don’t take any offense to these messages and believe these people don’t realize who is who. It’s probably a good thing because if they sent us such a message then they are unlikely to give the phisher what he is looking for – and that is what we intended.

Some people asked if they could send us any future phishing messages – please don’t. We can not be the Internet Police, but we will certainly not let our network be used to scam innocent people.

The final comment I should add is that some people said it was a new spam scheme, because we put a little bit about our company in the bottom of the eMail. It was absolutely not a spam scam and we had to tell you a little bit about us so you would better understand what was going on. How would it have looked if we just sent a message ‘someone is trying to hack you’ without any further information about us? I imagine it would be very confusing.

So now you have the rest of the story. I believe our actions were a complete success in that we probably significantly reduced this phishers ‘take’ from his hard earned list. We will continue to alert people in the future should a similar situation come up. We have no intention of ever letting our network be used to scam innocent people. It makes our entire industry look bad and that is just unacceptable.


Sincerely,


Barry Bahrami
Commercial Network Services