|
Dr. David Kirkby from Kirkby Microwave Ltd
A 9 GHz Agilent PNA network analyzer for ?2250.?
Note it is running as an auction, but the auction says that it is buy it now. If anyone is bidding, I would not send any money without contacting eBay first.
Dave, G8WRB.
|
There are many many items with that modus operandii. A month ago or so many were for HP3458a; frequently the same photo/item was located in multiple continents.
Apart from the point you mention, red flags:
* what has the other vendor sold
* very short term auction
* starting price <?10
* link to a disguised non-ebay site
toggle quoted message
Show quoted text
On 08/10/18 08:58, Dr. David Kirkby from Kirkby Microwave Ltd wrote: A 9 GHz Agilent PNA network analyzer for ?2250.
Note it is running as an auction, but the auction says that it is buy it now. If anyone is bidding, I would not send any money without contacting eBay first.
|
Try to visit his shop. He says he has been hacked.
Paul G8AQA.
On 08/10/2018 08:58, Dr. David Kirkby
from Kirkby Microwave Ltd wrote:
A 9 GHz Agilent PNA network analyzer for ?2250.?
Note it is running as an auction, but the
auction says that it is buy it now. If anyone is bidding, I
would not send any money without contacting eBay first.
Dave, G8WRB.
|
Its a scam - the payment method via external link is the tell.
Seen these many times before.
the buy now method violates eBay laws.
I suggest everyone clicks on the "Report Now" link so it gets removed ASAP.
the same scammer is posting quite a few adds, here's another one...
regards
Tim
|
I reported it to eBay who say they are aware that its a scam, as is pretty much everything else listed under his name. The scam items are all listed as being outside of the USA. As Paul says the genuine seller has posted a note saying that he's been hacked and that unless the listing is for engraving within the US it's a scam.
|
Aside from the obvious weekend ebay scam, there is something very disturbing here. I am talking about how well they disguised their web site URL.
I generally check a URL (at least superficially) before clicking on it. This URL probably would have fooled me. This kind of a scam could happen anywhere outside of ebay. For example, they could have set up a phony Amazon web site using the same method. It looks like it was a really bad idea to allow URLs with a string of text in front of the domain name.
Vladan
|
On 10/08/2018 12:09 PM, pianovt via Groups.Io wrote: Aside from the obvious weekend ebay scam, there is something very
disturbing here. I am talking about how well they disguised their web
site URL.
I generally check a URL (at least superficially) before clicking on it.
This URL probably would have fooled me. This kind of a scam could happen
anywhere outside of ebay. For example, they could have set up a phony
Amazon web site using the same method. It looks like it was a really bad
idea to allow URLs with a string of text in front of the domain name. A URL *is* a string of text, adhering to certain conventions, nothing more. There is no way to differentiate what constitutes the domain name other than presenting it to a resolver to execute a DNS query. Remember, this entire thing was designed before we started allowing scumbags access to the Internet. We are now using it for things that it was never designed to be used for. People would do well to keep that in mind as they use it, but of course they won't. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
|
Dave, I agree that the internet was not meant for e-commerce and really lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the domain name. It's just asking for a scam.
Vladan
|
Number named sites are quite common originating in China for reasons I can only guess at.
Dave
manuals@...
toggle quoted message
Show quoted text
On 10/8/2018 12:33 PM, pianovt via Groups.Io wrote: Dave, I agree that the internet was not meant for e-commerce and really lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the domain name. It's just asking for a scam.
Vladan
--
Dave
Manuals@...
www.ArtekManuals.com
|
On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote: Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the
domain name. It's just asking for a scam. Yes, but "text in front of the domain name" is how subdomains work. Nearly all large networks use subdomains, sometimes as many has five levels deep. In the case of the fake web page being discussed, "www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site". The problem here is scumbags on one end and people not paying attention on the other end. Of course, as with anything else, when the scumbags get better at fooling people, it becomes less our fault and more their fault, as is what seems to be happening here. I myself would probably have spotted the fraudulent page, but only because I ran very large (tens of thousands of domains) DNS servers years ago, and I run a couple of good-sized ones (hundreds of domains) now. Any other reasonable person may not notice it at all. ...just like any reasonable person may not notice a modified ATM with an added card-harvesting fixture, or a scam phone call from the IRS. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
|
On 10/08/2018 12:37 PM, Artekmedia wrote: Number named sites are quite common originating in China for reasons I
can only guess at. Oh, the reasons are quite clear. Schemes like this. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
|
Well the auction ended. Somebody spend over 970 pounds. Check out the auction bids and tell me if some shill bidding was going on. very weird,
|
Modern browsers highlight such fake domains anyway, IIRC. Basically, if any prefix is a valid FQDN with valid https certificate, it¡¯ll get flagged.
Cheers, Kuba
toggle quoted message
Show quoted text
8 okt. 2018 kl. 12:39 skrev Dave McGuire <mcguire@...>:
On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the
domain name. It's just asking for a scam. Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many has five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".
The problem here is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.
...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
|
Well said Dave.
But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.
Bob
toggle quoted message
Show quoted text
On Oct 8, 2018, at 12:39, Dave McGuire <mcguire@...> wrote:
On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the
domain name. It's just asking for a scam. Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many has five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".
The problem is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.
...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
|
As much as I dislike doing business with the Chinese there are thousands (if not millions) of legitimate Chinese "number" domains. My suspicion is that it was too difficult to register the "hanzi" characters (Chinese written language) with the Arabic character internet registry world? and that the government probably pre-approves (assigns) most domain names anyway, easier to just assign them a serial number... Only a guess though.
Dave
?manuals@...
toggle quoted message
Show quoted text
On 10/8/2018 12:39 PM, Dave McGuire wrote: On 10/08/2018 12:37 PM, Artekmedia wrote:
Number named sites are quite common originating in China for reasons I
can only guess at. Oh, the reasons are quite clear. Schemes like this.
-Dave
--
Dave
Manuals@...
www.ArtekManuals.com
|
...which is an excellent argument in support of "encryption
everywhere". The scumbags will find a way around that (like simply
registering and installing SSL certificates) but the trick is to stay
one step ahead of them.
The point, though, is that there's no way to tell what domains are
"fake". After all, what constitutes "fake" in this context? The
fraudulent listing is a fully legitimate domain name, there is nothing
"fake" about it other than the fact that, as a substring, it includes
the same sequence of characters as that of a well-known web site.
That is actually an extraordinarily difficult problem to solve without
creating lots of false positives.
-Dave
toggle quoted message
Show quoted text
On 10/08/2018 12:48 PM, Kuba Ober wrote: Modern browsers highlight such fake domains anyway, IIRC. Basically, if any prefix is a valid FQDN with valid https certificate, it¡¯ll get flagged.
Cheers, Kuba
8 okt. 2018 kl. 12:39 skrev Dave McGuire <mcguire@...>:
On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the
domain name. It's just asking for a scam. Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many has five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".
The problem here is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.
...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
--
Dave McGuire, AK4HZ
New Kensington, PA
|
Yes, agreed 100%. Unfortunately, though, lots of people just "do what
they're told" these days. I've even spoken to a person, a technical
person no less, who upgraded is OS (and thus his computer, because
everyone knows you MUST run whatever OS came installed on the computer!)
when his ISP told him to...in order to support their advertisement
delivery software.
...which had nothing at all to do with what an ISP does, which is
MOVING PACKETS. This concept was lost on this (reminder: technical!)
guy, who was just blindly doing what his newly-hired ISP told him to do
on the phone.
This whole problem comes down to people diving in and using a complex
tool without learning anything about it first. Would they do that with
a Bridgeport mill? Or a car? Of course not. But they think nothing of
it with computers and the Internet.
(I remember the first time I had to deal with a consumer-level ISP. I
called them for the IP parameters and the guy asked "What Windows are
you running on your computer?" ..to which I replied "UNICOS".)
-Dave
toggle quoted message
Show quoted text
On 10/08/2018 12:50 PM, bownes wrote:
Well said Dave.
But you and I are attentive to domain names due to our rather DNS centric backgrounds. Other folks might want to think about using 9.9.9.9 as their DNS server (as opposed to the one your ISP hands you) as it has a number of features to knock down the spam and scams.
Bob
On Oct 8, 2018, at 12:39, Dave McGuire <mcguire@...> wrote:
On 10/08/2018 12:33 PM, pianovt via Groups.Io wrote:
Dave, I agree that the internet was not meant for e-commerce and really
lacks in terms of security. In this case, the domain name is
3262345523.site
The standard should really not allow any other text in front of the
domain name. It's just asking for a scam. Yes, but "text in front of the domain name" is how subdomains work.
Nearly all large networks use subdomains, sometimes as many has five
levels deep. In the case of the fake web page being discussed,
"www.ebay.com" is a fully legitimate subdomain of domain "3262345523.site".
The problem is scumbags on one end and people not paying
attention on the other end. Of course, as with anything else, when the
scumbags get better at fooling people, it becomes less our fault and
more their fault, as is what seems to be happening here. I myself would
probably have spotted the fraudulent page, but only because I ran very
large (tens of thousands of domains) DNS servers years ago, and I run a
couple of good-sized ones (hundreds of domains) now. Any other
reasonable person may not notice it at all.
...just like any reasonable person may not notice a modified ATM with
an added card-harvesting fixture, or a scam phone call from the IRS.
-Dave
--
Dave McGuire, AK4HZ
New Kensington, PA
--
Dave McGuire, AK4HZ
New Kensington, PA
|
Always look for the last full stop before the "/". It gives a very
good clue as to what is going on.
Paul.
On 08/10/2018 17:09, pianovt via
Groups.Io wrote:
Aside from the obvious weekend ebay scam, there is something very
disturbing here. I am talking about how well they disguised their
web site URL.
I generally check a URL (at least superficially) before clicking
on it. This URL probably would have fooled me. This kind of a scam
could happen anywhere outside of ebay. For example, they could
have set up a phony Amazon web site using the same method. It
looks like it was a really bad idea to allow URLs with a string of
text in front of the domain name.
Vladan
|
Am I right that the format for the sub domain is that it must precede the main thus:
()whatever.sub.domain.main_domain.com/
I realise that won't help much with an all numbers domain but does help with most legitimate sites
so 'mail.your_bank.com/' is ok but 'your_bank.mail.com/' is not?
Adrian
toggle quoted message
Show quoted text
On 10/8/2018 7:41 PM, PAUL NICKALLS via Groups.Io wrote: Always look for the last full stop before the "/". It gives a very good clue as to what is going on.
Paul.
On 08/10/2018 17:09, pianovt via Groups.Io wrote:
Aside from the obvious weekend ebay scam, there is something very disturbing here. I am talking about how well they disguised their web site URL.
|
Aside from the ¡®_¡¯, both are technically valid. There are no special reserved words like ¡®www¡¯, ¡®mail¡¯, etc, but some have become popular conventions.
Bob
toggle quoted message
Show quoted text
On Oct 8, 2018, at 15:59, Adrian <Adrian@...> wrote:
Am I right that the format for the sub domain is that it must precede the main thus:
()whatever.sub.domain.main_domain.com/
I realise that won't help much with an all numbers domain but does help with most legitimate sites
so 'mail.your_bank.com/' is ok but 'your_bank.mail.com/' is not?
Adrian
On 10/8/2018 7:41 PM, PAUL NICKALLS via Groups.Io wrote:
Always look for the last full stop before the "/". It gives a very good clue as to what is going on.
Paul.
On 08/10/2018 17:09, pianovt via Groups.Io wrote:
Aside from the obvious weekend ebay scam, there is something very disturbing here. I am talking about how well they disguised their web site URL.
|
Dave McGuire
RFI-EMI-GUY
bownes