[153743] in North American Network Operators' Group
RE: EBAY and AMAZON
daemon@ATHENA.MIT.EDU (Blake Pfankuch)
Mon Jun 11 16:52:12 2012
From: Blake Pfankuch <blake@pfankuch.me>
To: "Kain, Rebecca (.)" <bkain1@ford.com>, "nick@flhsi.com" <nick@flhsi.com>,
"Brandt, Ralph" <ralph.brandt@pateam.com>, "nanog@nanog.org"
<nanog@nanog.org>
Date: Mon, 11 Jun 2012 20:51:19 +0000
In-Reply-To: <7DB845D64966DC44A1CC592780539B4BA57914@nafmbx47.exchange.ford.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I have a spam pit email address which I monitor for trends to have a little=
bit of jump on the possible things users might touch at work. I started s=
eeing the amazon, ebay and paypal ones a few weeks back. The other one I h=
ave started to see a lot of is the "Free or cheaper home phone service thro=
ugh magic jack" ones. Again as expected they link to some .ru domain and l=
ook just like the normal sign up page. Also my handy dandy virtual machine=
was instantly owned with malware just by loading the page. The VM runs Wi=
ndows 7 as a non administrative user, UAC cranked up and IE9. Something li=
ke 10 installed apps showed up including "Adobe Flash Player Latest."
The other cool one I have been seeing is along the lines of "How to better =
utilize your office phone system" or "New Business Phone systems" with supp=
osed links to "popular new phone system trends". This one is rather crafty=
as it has an embedded image which is a nice weblink to an infected jpg. S=
o you click show picture in outlook, or in your browser and you get another=
installed piece of nastyware.
-----Original Message-----
From: Kain, Rebecca (.) [mailto:bkain1@ford.com]=20
Sent: Monday, June 11, 2012 12:40 PM
To: nick@flhsi.com; Brandt, Ralph; nanog@nanog.org
Subject: RE: EBAY and AMAZON
I have gotten them from "amazon" stating "order number X was cancelled and =
please click on the below file for more information". Because I order so m=
uch on amazon, I almost thought it was real and clicked on it but then went=
to the amazon site and looked at "my open orders". It always pays to goto=
the site, not believe email.
-----Original Message-----
From: Nick Olsen [mailto:nick@flhsi.com]
Sent: Monday, June 11, 2012 2:06 PM
To: Brandt, Ralph; nanog@nanog.org
Subject: re: EBAY and AMAZON
I think it might just be coincidence. I've gotten about 10 of them and have=
n't been to ebay or amazon in months.
Most of them have been for >60 dollar books.
Nick Olsen
Network Operations (855) FLSPEED x106
----------------------------------------
From: "Brandt, Ralph" <ralph.brandt@pateam.com>
Sent: Monday, June 11, 2012 1:28 PM
To: nanog@nanog.org
Subject: EBAY and AMAZON
I have received bogus emails from both of the above on Friday.=20
These look like I bought something that in both cases I did not buy.
The EBAY was a golf club for $887 and the Amazon was a novel for $82, far m=
ore than I would have spent on either.
I think I looked at the novel on Amazon and I remember the golf club came u=
p on a search with something else on Ebay. =20
How this information could get to someone spoofing is a little disconcertin=
g. =20
I have changed EBAY and Paypal Passwords as instructed. =20
Ralph Brandt
Communications Engineer
HP Enterprise Services
Telephone +1 717.506.0802
FAX +1 717.506.4358
Email Ralph.Brandt@pateam.com
5095 Ritter Rd
Mechanicsburg PA 17055
