[meteorite-list] eBay/paypal phishing

From: Sterling K. Webb <kelly_at_meteoritecentral.com>
Date: Sun Jun 5 15:42:54 2005
Message-ID: <42A3559B.4DCE73F9_at_bhil.com>

Hi,

    Yes, I know "phishing" is the current techno jargon, like phone "phreaking"
was decades ago, but it just piles an flashy verbal disguise on top of frauds,
thieves, con men, grifters and scum, and makes them sound cute. They're not.

    The reason why eBay / PayPal does nothing is that there is nothing eBay /
PayPal can do, in any practical way, except to warn you off, which they do in
every response when you report these things.

    These criminal enterprises are segmented into task clusters that each work
on their own with the other task clusters.

    Bulk emailing is not a crime. The bulk emailer doesn't create the email,
just sends it. He would be violating the law if he were to look at somebody's
else mail, as if FedEx were to open your package or letter before they send it
along.

    Selling 100,000,000 email addresses at a time is not a crime; it's a
respected business called marketing. Collecting other people's email addresses
by questionable means isn't a crime, either, as it turns out.

    eBay itself will sell you a special access that allows the collection of
data from their sales for the purposes of market research. How do you think
they got your email address?

    This List's own archives contain the email address of everyone who's ever
posted here. I can't imagine how else I would get email solicitations for what
purport to be porn sites that contain the word "polymict" in the subject line in
any other way!

    The creator of the email has his fake site, the one you go to, hosted by
another innocent party who hosts hundreds of sites in his gateway, How is he
going to check out the honesty of every one of his customers? How would you?
He probably doesn't care, but if the law came to him and said this customer of
yours is a crook (we think), he'd just say he didn't know and satisfy the law by
dumping the client. No penalty.

    Besides which, the creator of the criminal site only places it with a host
for a very short while, only a few days if he is really careful, then moves it
to another host. He may just sneak into a server in Lativa and have it host his
site without even knowing it.

    He doesn't steal anything from you using that data. When he has collected
enough personal and credit data to be worth something, he sells it to a broker /
distributor of stolen credit data, then physically destroys the media that
contain any trace of it (media, even hard drives, are cheap).

    The broker of stolen credit card data doesn't steal from you -- he re-sells
the data at a profit, in various sized chunks to middle men who re-sell it to
those who alter or manufacture physical fake cards from it or, increasingly,
cyber-thieves who just work a few or only one victim at a time or very small
brokers who sell one person's fake card to some guy on the street so dumb that
he has to show him how to use it.

    So, crime too is increasingly operating by means of distributed networks of
clusters whose only connection is the exchange. Some clusters, while not
exactly innocent, have committed no crime. Most have only committed only very
low-grade offenses; many can claim ignorance, some of them genuinely.

    Lots of burglars go to jail; very few fences do. "Yer Honnir, Mr. Blapp had
no way to know that TV was stolen; it wasn't marked or tagged; people hock their
TV's all the time -- he's as much a victim as the homeowner it was stolen from!"

    Only the end-user of a single stolen credit dataset is likely to get caught,
for a single, first-time offense, rated only as a Class C or D felony, and he's
likely to escape any serious punishment. Besides, that's what little crooks are
for -- to get caught and take the heat.

    The Mob model of organized crime, formed at the same time as Durant was
putting together a collection of failing independent car makers into something
he called "General Motors," is a top down model, and that model is dead. Crime
is reforming into distributed networks which have as their salient
characteristic the extreme resiliency of the system. When's the last time the
ENTIRE internet "went down"? The answer is never.

    We are in the process of creating a world run by distributed networks. You
can buy a refrigerator that will monitor your food purchases and re-order from
the store when you get low on enough items, then print a reminder to tell to go
by the store and pickup your groceries. OK, it's a pilot program, but it's
coming, or something like it is. In five years or so, most food will have RF
chips attached. Your food will be data.

    Your car is a computer, so is your toaster (true if you have the right
brand). Eventually, every physical object or device in your life will be.
Everything will look the same on the surface for a while, but underneath, it's
changing in strange ways very fast.

    Why should crime be any different?


Sterling K. Webb
------------------------------------------------
Dave Harris wrote:

> ..yep - ignore them - I get at least 3 a day - and eBay & Paypal do nothing
> to stop them.
>
> Just forward to spoof_at_ebay.com or spoof@paypal.com
>
> Actually if you click on the link as if you were going to be fooled, you can
> see the address bar change to a suspect URL, not eBay or Paypal.
>
> What I do then is find the owner of the URL (using a WHOIS or similar
> lookup) and advise them yourself - then send them megabytes of crap data as
> an attachment until they tell me to desist, then I quote them the suspect
> URL again telling them again that they are supporting criminal activity.
> They probably delete them, but it's fun for me.
> I do the same with 419 scammers - I have a fast link so I can send a 6 Mb
> file in a few secs and I do that a dozen times until their server crashes at
> their end.....
>
> I have nothing better to do with my time....
>
> Ho hum.....
>
> best!
>
> dave
> IMCA #0092
> Sec.BIMS
> www.bimsociety.org
> ______________________________________________
> Meteorite-list mailing list
> Meteorite-list_at_meteoritecentral.com
> http://six.pairlist.net/mailman/listinfo/meteorite-list
Received on Sun 05 Jun 2005 03:42:19 PM PDT