Phishing Expedition Using My Domain--Beware Please!

smallbearelec · September 27, 2005, 11:24:30 PM

I saw a message tonight that purported to come from smallbearelec.com. There's a link and a redirect in it to 204.111.168.28:90 where presumably they'll ask for the usual personal data. I have no experience combatting this kind of theft, so I am doing the first thing I can think of and warning my community.

Regards
Steve Daniels

octafish · September 28, 2005, 12:45:25 AM

Thanks Steve.
Hey Aron or Peter could we sticky this for a while so it remains at the top of the list?

PenPen · September 28, 2005, 01:13:56 AM

Steve,

I believe you can report this to your local FBI branch office. At very least they should be able to direct you to the agency that handles internet fraud. Do you have a copy of the message/email?

shawn · September 28, 2005, 04:25:35 PM

Might want to consider making an announcement on your website as well. I'm sure there are some people who purchase from you who never visit diystompboxes.

Man that is most definately lame someone would resort to that.

vanhansen · September 28, 2005, 04:40:39 PM

Expect to see this kind of thing with any place where money is exhanged. The best that can be done is to report it and also make sure it is clear on your site what info you will and will not ask for in an email.

smallbearelec · September 28, 2005, 11:22:21 PM

Thanks for the suggestions! I have done the immediately necessary on the site and will contact law enforcement tomorrow.

Regards
SD

Yun · September 29, 2005, 10:00:24 PM

ummmmm, uh oh

There was a grab bag of capacitors on your site, mr.Steve, and the price was $0.00. So i tried ordering it just to see what the price really was, and never could get it to go through. Am i "at risk" eh?

I'm really worried now....

GBlekas · October 03, 2005, 09:39:38 PM

http://www.ifccfbi.gov/index.asp

Here is a link to Internet Fraud complaints.

Also, this sounds like you might need to check your computer for a worm.
Here is a link relating to what you have described.

http://www.sophos.com/virusinfo/analyses/w32mytobbe.html

Regards,
George
www.PedalworX.com

GBlekas · October 07, 2005, 10:05:20 PM

Since I posted the link to report fraud and the virus info link I have received over 60 emails with a zip attachment with that exact virus in it.
Lucky I have a killer firewall.

Regards,
George

GVC · October 10, 2005, 01:12:23 PM

Is this still going on? I was thinking of ordering today but I am not in a hurry to become a victim

Kenny · October 10, 2005, 07:46:24 PM

Here is an IP Whoiz check. A first step... if it helps.
Not 100% sure and he could hide under other proxy's too
You want to scan for any virus's on your systems,
Don't rely on just one..norton or any other virus protection
have a few...

Deleted...

neon333 · October 10, 2005, 07:50:19 PM

Wow, I was gonna place an order tonight. Guess I'll wait 'til this gets sorted out.

smallbearelec · October 10, 2005, 10:49:32 PM

Gentlemen--

To the best of my knowledge, the shopping cart has not been compromised! I continue to get orders with no problem, and I have had no complaints of infections resulting from placing an order. I don't host my domain or my cart; both are hosted by Netco Services, which also hosts many other carts and domains. If their servers had been infected, we would know.

What I saw was a standard "phishing" scam--an e-message that purports to come from smallbearelec.com, but really doesn't. Just as you would ignore fake e-mails that appear to come from PayPal, E-Bay, etc. that ask for personal data, please ignore any similar message carrying my domain name. The shoppping cart:

http://www.smallbearelec.com/StoreFront.bok

is OK to visit and use.

Regards
Steve Daniels

News:

Phishing Expedition Using My Domain--Beware Please!