Spammer knew my customer was on eBay at 4AM. How?

Larry Sabo

Yesterday, my customer phoned to tell me she couldn't sleep the previous night so was just browsing eBay between 2 and 4 AM. She's a very active eBay buyer/seller but didn't make any buys/sells, just browsed.

The next morning, she got a phone call from a scammer (she gets lots of them) and he says he knows she was on eBay at 4 AM and blah, blah, blah. After hanging up on the scammer, she called me in a panic wanting to know how he knew. She runs KIS so I said she has the best security protection there is, and that I have no explanation. We changed her eBay password but I said scanning with KIS would be pointless.

Any ideas?
 
DNS hack? Some routers can be compromised from the outside to use malicious DNS servers. That said, they must have tied phone number to IP address. I vote for rootkit. Able to hide from antivirus. Pulling her phone number from a saved document. Take hard disk out to scan it or boot from Bitdefender CD for full offline scan.

No security software is infallible.
 
My guess would be some sort of social engineering going on. Maybe she talked to someone (chat) or visited more than just eBay and ran into a site that pulled her previous pages or dropped a tracking cookie like advertisers do.

To tie that information to a phone number/victim is the big trick.


On a separate note, could it be possible that she is compromised? I have seen more than a few KIS installs that were "broken" or otherwise acting really funny, in a bad way. Not limited to KIS:

http://arstechnica.com/security/201...y-av-can-make-you-more-vulnerable-to-attacks/

If the customer were up for it, a nuke and pave might be a reasonable solution IMHO.
 
In preparation, I tried to find where I could change my own privacy policy settings on eBay.ca but be damned if I can find them, even using the eBay help pages. She's on eBay.com but they must be similar. KIS takes care of firewall duties.
 
I'm voting for the social engineering route, not sure I'd be too concerned at this point. If you're logged in to eBay, you're "online", correct? I'm usually logged into my eBay account all of the time, so a scammer could make an "educated" guess and say they saw that I was online. Now, if said scammer started mentioning the items I was browsing, that might be a different story.
 
@katz, she tells me she hates and doesn't do social media, never chats online, and doesn't have a Facebook account. I'm unable to find any indication of a selected seller being online/offline. One sin she and her husband are guilty of, is using the same password for almost everything. I'm trying to set her up with LastPass to cure that.

I've told her, if her system were compromised, her credit card would surely have been used illegally or her bank account drained by now. She says that the last comment will now likely keep her up worrying until 4 AM. I want to do an offline scan and check her DNS settings in network adapter and router, HOSTS file, etc.
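
An added example, not part of the original post: one way to do the HOSTS file part of that check. The sample file contents, the addresses and the watched-domain list are constructed for illustration; on Windows the real file is C:\Windows\System32\drivers\etc\hosts.

```python
import ipaddress

# Constructed sample, not taken from the customer's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style sinkhole entry
203.0.113.25    www.ebay.com signin.ebay.com
203.0.113.25    ebay.ca   # trailing comment
not-an-ip       broken.example
"""

# Assumption: the sites named in the thread are the ones worth watching.
WATCHED = ("ebay.com", "ebay.ca")


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, reason) for entries worth a second look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Drop comments, then split into "address name [name ...]".
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue
        ip_text, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names[0], "malformed address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            on_watch = any(name == d or name.endswith("." + d) for d in watched)
            if on_watch:
                # Any local override of a watched site bypasses DNS entirely.
                findings.append((line_no, str(ip), name, "watched site overridden"))
            elif not (ip.is_loopback or ip.is_unspecified):
                # Loopback/0.0.0.0 entries are typical ad-block sinkholes.
                findings.append((line_no, str(ip), name, "routable override"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

A clean HOSTS file produces no findings; it says nothing about the DNS servers configured on the adapter or the router, which still need to be checked separately.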
 
You can be a victim of social engineering and not be on Facebook. Con artists have been doing it for hundreds of years. The woman is misrecalling events and filling in blanks that were never said. The con artist probably only said he saw her on eBay. He never mentioned the time or even her username. But because she was on eBay just hours before she leapt to the conclusion that he knew everything. He was fishing (because lots of people use eBay so the chances of calling someone and finding an eBay user are high) and asked a leading question and she took the bait.
 
> He never mentioned the time or even her username.
According to her, he said "I saw that you were on eBay at 4 AM," or words to that effect. She was quite explicit about him mentioning the time. She's out of town for a few days but we'll get together when she returns. Any guidance on how/where one can determine that a particular seller is currently online on eBay?
 
You can't. I was mistaken on eBay reporting it. Maybe they used to and no longer so.

And frankly I find it doubtful that she was told the exact time. Cons like this work because people suck at being good witnesses. Ask any law enforcement officer.
 
I'm betting it is social engineering or since she uses the same password for almost everything a different site got hacked and they got her info and possibly was able to log into her eBay account to see she is online.
 
Did she say what the scammer wanted during his phone call? Was he trying to sell her an AV service, wanting to log in to her PC to run scans, etc.?
 
@katz, I don't know what he was selling. She hung up on him pretty quickly, as she is used to getting these scam calls. I'll ask her when she's back.

Edit: My customer tells me the conversation was as follows:
"you were on ebay at 4 a.m. and your credit card was compromised." I told him this was a scam and I hung up on him.
All she did was browse.
 
Usually a nuke and pave is the best solution when the use of routine software (Malwarebytes, Kaspersky, etc.) does not show any sign of concern - IF and ONLY IF the client feels there is any reason to believe that their personal information has been compromised. I only say this because clients who have a tendency to experience scams of this sort are often targets on multiple occasions - and you do not want to be the tech your client deems responsible for the next [potential] "attack". Some things are out of our control, and oftentimes clients are less aware of their internet activity than they express to us during consult.
 
What if she previously purchased from a seller that was logging IP addresses via a simple script or even just a remote image retrieval? Later she browsed another auction from that seller and he noticed the IP again and called her using the number associated to a previous order?

Edit: I assume it's still possible to at least remotely link to a picture on eBay these days, right?
 
> IF and ONLY IF the client feels there is any reason to believe that their personal information has been compromised.
At this point, she doesn't believe her personal information has been compromised, and neither do I. But we are not absolutely certain, yet.
> Edit: I assume it's still possible to at least remotely link to a picture on eBay these days, right?
I don't see how he could get her IP from pictures she has posted. "Copy link location" for a picture in a random ad shows it to be on eBay's servers, not her system.
 
> I don't see how he could get her IP from pictures she has posted. "Copy link location" for a picture in a random ad shows it to be on eBay's servers, not her system.

Not pictures your client posted, pictures a seller posts. Let's say I'm a scumbag seller and you purchased an item from me. When you visited my listing it would be child's play for me to log your IP through an image loading on the listing from my server. You buy an item from me and I quickly determine which IP address is yours from the region (doesn't work 100% of the time but it's fairly reliable) and so I now know which IP is yours. You visit another one of my listings just browsing at 4am and I see your IP again. I know your contact info from the previous item you purchased, so it would be child's play for me to contact you stating I see you browsing eBay at 4am.

That is just a possibility I'm mentioning but it's certainly viable.

Edit: Does eBay have a way to see login history to see if someone logged in and looked at recently viewed items or something?
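
An added example, not part of the original post: a way to check a saved listing page for the condition this scenario depends on, namely resources the browser fetches automatically from a host other than eBay's own. The first-party domain list and the listing fragment are assumptions constructed for illustration; the thread does not establish whether eBay currently allows externally hosted content in listings.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts treated as first-party for an eBay listing page.
FIRST_PARTY = ("ebay.com", "ebay.ca", "ebayimg.com", "ebaystatic.com")

# Constructed listing fragment, not real eBay markup.
SAMPLE_LISTING = """
<div id="desc">
  <img src="https://i.ebayimg.com/images/g/abc/s-l500.jpg">
  <img src="http://seller-photos.example/item42.jpg?l=1234" width="1" height="1">
  <IMG SRC="//cdn.seller-photos.example/banner.png">
  <iframe src="https://widgets.example.org/counter"></iframe>
  <img src="/local/relative.png">
  <a href="https://elsewhere.example/">link, not fetched automatically</a>
</div>
"""


class ExternalFetchFinder(HTMLParser):
    # Tag/attribute pairs a browser requests without any click.
    AUTO_FETCH = {("img", "src"), ("iframe", "src"),
                  ("script", "src"), ("embed", "src")}

    def __init__(self, first_party):
        super().__init__()
        self.first_party = first_party
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        for name, value in attrs:
            if (tag, name) not in self.AUTO_FETCH or not value:
                continue
            host = (urlparse(value).hostname or "").lower()
            if not host:  # relative URL, served by the page's own host
                continue
            if not any(host == d or host.endswith("." + d)
                       for d in self.first_party):
                self.hits.append((tag, host, value))


def third_party_fetches(html, first_party=FIRST_PARTY):
    """List (tag, host, url) for auto-loaded resources on non-first-party hosts."""
    finder = ExternalFetchFinder(first_party)
    finder.feed(html)
    finder.close()
    return finder.hits
```

Each host returned sees the visitor's IP address and the request time in its own server logs; an empty result for a listing rules this particular explanation out for that page.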
 
@ComputerRepairTech, I'm afraid you've lost me. Where/how can a seller find the IP of customers browsing their ad on eBay? In any event, although it's not impossible, I highly doubt she has purchased something that this far eastern scammer might have posted on eBay.

> Does eBay have a way to see login history to see if someone logged in and looked at recently viewed items or something?
Not that I could find.
 