Interesting scam
 

Bought something on eBay and paid via paypal.

Confirmed through both sites purchase and payment went through. and got email confirmations as well.

Got this email very soon after purchase. I have not clicked on anything for fear it will do something, who knows what.

I'm guessing the Return to Merchant button will ask me to enter user and password giving them access to my paypal account.

But it knew I bought this thing on eBay.

http://forums.pelicanparts.com/uploa...1582932046.jpg

Hmmm....

have you run a virus scan recently?

I have but I think I need to again. Have Avast on my Mac.

Wanna talk interesting scam? A friend sold a machine to a person in NY. He sends his wire instructions to the buyer. The buyer receives another email appearing to be from my friend with new wire instructions. Buyer sends money to new wire instructions without calling my friend to confirm. Buyer is now out money. How did they know about the wire instructions my friend sent?

FWIW Shaun, I don't think you have a virus on your system. I could be wrong but I don't think it's on your system.

I'm just thinking outloud here.

I think what you think (phishing scam) is right on. They wouldn't send you an email if they had their hooks in deep. They are trying to get the good info.

So, assuming the payment amount and any other specific details of the email are accurate, I'd assume that they have either 1) seen some of the details of the sale, maybe from the merchant's side or paypal (less likely to me) or 2) they have seen your email with confirmation (which I also think is less likely unless they have your email account user/pass info.

My guess is that they've got a small hook in at the vendor end that allows them to see superficial info about sales.

One of the 2 end points is compromised.

I agree

I know he had his IT person do all sorts of work to make sure it wasn't on his end but the buyer lost the money. I heard today that the lady on Shark Tank had something similar happen. After my friend told me what happened I started calling buyers to let them know they'd only get one set of wire instructions and to call me to confirm prior to sending.

an Apple Tech (the level 2 type, not the guys at Starbucks) told me that they use MalwareBytes - it's free (has a pay for more option)

so I got that on both macs that connect to the internet

the vendor end seems most likely but a scan on his unit is the easiest thing to do

How would he address this to the vendor? If he sends an Email it can be seen...

Seems like they come up with a new scam every week. They keep coming with the old scams too. I got a email today about my multi million dollar inheiritance from someone I never heard of.

I detected things with Kaspersky that Malwarebites never picked up.

Hey Shaun! You have to scan his unit!

I did a search for "second wire transfer instructions scam" (without the quotes) and the first 3 articles that I looked at said that this is common and means that one of the parties probably has compromised email from phishing.

To me it makes the most sense that the person that received the email with the instructions has a compromised account and when the crook saw that email come in, they then sent another very similar email really quickly with the new data. Of course, it could be the email account at the other end too. Either end would work. What would be smartest would be to have the business end hacked, but if you've got enough consumer ends hacked and just monitor them for certain keywords...

I don't fully understand the details, but this scam is well known in financial and legal circles. Our professional liability carrier has advised all lawyers to not send any payment information by email at all and to only operate by fax (faxes are too low tech for the contents to get compromised) and to follow up with an in-person or phone confirmation.

There is a way for scammers to get access to your Outlook account and plant a program there. Outlook is less secure than the rest of your system and a scan won't reveal anything because virus scans only look at the operating system. I don't recall how it is that they attach the program to your email. Anyway, the program allows them to see and send emails as though they were on your computer. The scammers target people who are likely to exchange money - finance and legal professionals, real estate agents, title companies, etc. When they see a transaction they swoop in and tell the buyer to send the money somewhere else and it looks like the message is from the seller.

Over Christmas I changed my Amazon account to deliver some packages to my mother in law's house because she was there to receive them and the packages would have sat on my door step for a while. Within an hour I received an email from "Amazon" saying I needed to log back in to confirm my change in shipping location and to use the conveniently provided link.

Reminds me of wire fraud where the victims were local residents here - $780K. I don't know whose system compromised, the buyers' or the lender's... I think they were able to recover the money but not sure if the scammers were caught.

Yes, the vendor end is the most intelligent/lucrative, but if the crook has gotten the user and password for either end or for enough consumer ends, then it's like panning for gold. you go through a lot of silt, but you've only got to find a nugget every once in a while. And if you've got software setup to download emails and scan for keywords...

Does "your Outlook account" mean Outlook on the web? or Outlook running as a program on your computer?

"Over Christmas I changed my Amazon account to deliver some packages to my mother in law's house because she was there to receive them and the packages would have sat on my door step for a while. Within an hour I received an email from "Amazon" saying I needed to log back in to confirm my change in shipping location and to use the conveniently provided link."

That is sneeeeeky.