Basejumper.com - archive

General BASE

BEWARE
i'm a dummy and fell for a scam.
someone forged an email from apex to phish my card info for fraudulent use.
nothing to see here
Re: [epibase] BEWARE
If you got the goods and the bank said Apex got the money, why did you try to pay again?
Re: [gauleyguide] BEWARE
because i received an email from perris_at_apexbase_dot_com claiming that the charge was declined and to provide a new form of payment. i sent CC info back, then i got another email asking for the image of the card front and back.

i didn't want to screw apex out of my payment. and i figured the bank had it wrong, and that actually the charge was declined. i thought emails from apex were more trustworthy than emails from my bank saying everything was ok. so i tried to pay apex again.
Post deleted by epibase
 
Re: [epibase] BEWARE
well damn, that's messed up! Hope you get things worked out!
Re: [epibase] BEWARE
epibase wrote:
because i received an email from perris_at_apexbase_dot_com claiming that the charge was declined and to provide a new form of payment. i sent CC info back, then i got another email asking for the image of the card front and back.

i didn't want to screw apex out of my payment. and i figured the bank had it wrong, and that actually the charge was declined. i thought emails from apex were more trustworthy than emails from my bank saying everything was ok. so i tried to pay apex again.

Well, since it's a CC you should be protected on the fraudulent use and not end up losing out, but sorry dude, that's some naive shit right there!
Re: [jakee] BEWARE
I'm not sure if this helps for other people, but every order I make with Apex they email me an invoice and I snail mail a check to them. My situation is probably different from most, and credit cards are convenient, but if you can just wait a few extra days this would really reduce your chance of falling victim to this kind of fraud.

The fact that fraudsters are posing as BASE manufacturers seems really weird to me. We're just not that big an industry.
Post deleted by epibase
 
Re: [epibase] BEWARE
sounds like somebody hacked into your computer and got your emails and phished your credit card from you in a (what must seem to you now as a) obvious scam.

You can send a certified check through your bank through insured mail from bahamas surely?

that really sucks though man...I've been frauded this past year for 1+ thousand dollars. Got it all back finally but it's a feeling of violation for sure.
Re: [samadhi] BEWARE
This is how it works: e-mails are by standard not authenticated. That means that anyone can send an e-mail saying "yo, this message is from bubbelibubb@apexbase.com" and it will show up like that. No illegal entry (the digital kind) required, just change the message headers.

There's a catch though, you can fake the sender, but mail sent to apexbase.com will be delivered to apexbase.com. So unless the fraud guy has access to their MX, he can't read apexbase.com's mail. So, he makes use of the Reply To-header. So he tells the server "yo, this mail is from ...@apexbase.com, i would like replies to this mail sent to blabla@gmail.com"

Now, if you could post the mail-headers here, we could try to analyze this scam a bit further. I'll let you know how to do that once I get off this not-so-smart phone...
Re: [epibase] BEWARE
Apex did nothing wrong. You fell for a scam.
Re: [sebcat] BEWARE
Do what the picture commands you, and paste the resulting text here, or PM it to me if you don't want all that info out there (a few of the fields in the header might contain your email-address, IP address (not likely but you never know), etc).

EDIT: Questions need to be answered, how did they know epibase's e-mail address, and how did they know he placed an order? Maybe he told someone he would do this in a casual internet conversation over a public forum, and the scammers used that as an entry, or maybe the scammers have access to (parts of) apex's data.
[Attachment: wiie.jpg]
Re: [sebcat] BEWARE
You can read what's being sent over wifi, so that is a possibility.
If you make an online order always do it on a secure known wifi uplink.

You can make any computer look like an average router by sharing the uplink you have on the computer and create a hotspot.
On a train station or airport the best way to attract traffic is probably to name the wifi ssid "free internet".
In a residential area name it "Dlink", "Netgear", "Thompson" etc. because people believe it's someone that doesn't know how to protect their internet.

But in reality, it's a computer that reads all traffic and logs it.
Have it running for a few days and people will use it as it's their own. And one day place an online order through your computer.
And when that is done, your computer will have all the details needed, name, address, email, credit card number, the website the order was placed on.

From there on it's just a matter of going to the website and find out what they sell and what their email is and forge it as Sebcat described above.

There is a reason why all safety experts say only use your own wifi, and protect it with password.
Re: [Hellis] BEWARE
If i was a hacker, which i'm not, and wanted to rip you off.. which i don't..

I would have hacked into the mail system at apex base, Copied all order transcripts, and then sent new mail asking for copies of cards etc...

It's pretty well thought out.

maybe someone needs to send apex an email, and get them to have a look at their mail systems and protection in place there.

It seems very unlikely that they have happened to snare in to separate base jumpers by chance, from different countries, who i presume don't have a specific link to one another.
Re: [epibase] BEWARE
Long time lurker here, thought i'd whip up a quick account and contribute. This sounds like a spoof email, i remember doing these back in the days of trying to learn how to "hack" and be cool on da interwebz. You can send emails using command prompt, you can enter your own address, subject, txt, etc. etc. it doesn't have to be a real email. I dare say this is what the scammer has used (especially since he/she managed to change who it was from (periss/perris or whatever))
wiie
Hellis wrote:
You can read what's being sent over wifi, so that is a possibility.
The apex store uses SSL/TLS, but not the product selection, so one could determine when an order is placed. But most data (like CC and account info) is still protected. Granted, SSL/TLS is not in any way a perfect system, but I still believe it to be "safe enough".

This is still a scam though, and not an intrusion. If one was to control the network (wifi or not) between apex and epibase, one could not only read the data stream, but also manipulate it. If you can manipulate the data, you wouldn't have to use the "Reply To" header field to make it look like you were sending stuff from apex's MX.

Same thing goes for the "apex is hacked" theory. If you own the apex mail servers, you wouldn't have to send a fake header.

While it doesn't rule out the other theories, I'd still say that the most possible scenario is that someone has gotten epibase's e-mail and the rest of the information needed for the scam through open channels or a minor security flaw somewhere and worked with it from there.

E-mail is flawed, we've known this to be a problem since the 90's. PGP/GnuPG and similar cryptographic solutions solve some of the problems associated with it, and if you're gonna use e-mail for serious stuff you might as well use some way of message authentication.
Re:
what you have suggested is correct.

Return-Path: <perris@apexbase.com>
Received: from emkei.cz (emkei.cz. [46.167.245.101])
by mx.google.com with ESMTP id h50si4499347wed.110.2011.10.27.09.02.15;

like i said before, i don't think apex did anything wrong at all, just a scammer posing as the manufacturer. i got hacked / scammed. the card was cancelled anyway, i'm resolving with the bank.
i did not know that one could fake emails to that extent.
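
The two signs discussed in this thread (a Reply-To that points away from the claimed sender, and a delivering host unrelated to the sender's domain), checked in Python as an added example that is not part of the original posts. Return-Path and Received are the lines posted above; the From, Reply-To, To and Subject values and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Return-Path and Received are quoted from the thread;
# From, Reply-To, To, Subject and the body are assumed for illustration.
SAMPLE = """\
Return-Path: <perris@apexbase.com>
Received: from emkei.cz (emkei.cz. [46.167.245.101])
 by mx.google.com with ESMTP id h50si4499347wed.110.2011.10.27.09.02.15;
From: perris@apexbase.com
Reply-To: blabla@gmail.com
To: customer@example.org
Subject: Payment declined

Please provide a new form of payment.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host = host.rstrip(".").lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))

def spoof_indicators(raw):
    """Return a list of findings for one raw message (empty if none)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    findings = []
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and not same_org(reply_dom, from_dom):
        findings.append(f"reply-to-mismatch:{reply_dom}")
    # The topmost Received header is written by the recipient's own MX. The
    # first name after "from" is the client's HELO claim; the name in
    # parentheses is what the receiving server resolved, so use that one.
    received = msg.get_all("Received") or []
    m = received and re.match(r"\s*from\s+\S+\s+\(([^\s\[\]()]+)\s+\[", received[0])
    if m and not same_org(m.group(1), from_dom):
        findings.append(f"relay-mismatch:{m.group(1).rstrip('.').lower()}")
    return findings
```

A relay mismatch on its own is a weak signal, because many legitimate senders deliver through a third-party mail service; it carries more weight together with a Reply-To mismatch.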
Re: [TomAiello] BEWARE
In reply to:
The fact that fraudsters are posing as BASE manufacturers seems really weird to me. We're just not that big an industry.

It worked, didn't it? ;) Fraudsters will target anything they can hack. They'll even target personal email addresses and send out money begging sob stories to everyone in the address book.
Re: [epibase] BEWARE
In reply to:
I wouldn't go as far as to say I'm naive for sending my payment info to a base manufacturer that requested it.

You should.

You had paid for it. They had shipped it. Your bank said you had paid for it. 'They' came back asking for repayment using a highly non-standard method and you did it without checking with anybody. Dude.
Re: [crashtested] BEWARE
crashtested wrote:
It seems very unlikely that they have happened to snare in to [ Two? ] separate base jumpers by chance, from different countries, who i presume don't have a specific link to one another.

^^

Maybe I missed something, but who is the second one?
Re: [epibase]
I think a simpler explanation is someone has gained access to epibase's email account, and from thereon they tried (and succeeded) to phish his CC info based on his most recent recorded transactions.

If Apex's records/email/POS was hacked we would have a massive phishing emailing to all their customers.

note the .cz in the "Received" header. No reason for an email to be routed through Czech Republic when it's coming from a US server :(
Re: [vid666]
vid666 wrote:
note the .cz in the "Received" header. No reason for an email to be routed through Czech Republic when it's coming from a US server :(
Especially not when the Czech host in question provides a fake e-mail service with an http interface :)

Czech (haw haw haw) it out (at your own risk ofc): http://emkei.cz/
Re: [TomAiello] BEWARE
scammers hit me up from the classifieds (basejumper and dropzone) all the time.
Re: [epibase] BEWARE
Ordered a hook knife from their website the other day & received an email requesting my full credit card #, expiration date & security code, to "validate the order". The grammar was not perfect. I replied stating my concerns, & tried calling Apex but no one answered. Needless to say I did not send the requested info. I will get in touch with them on Monday & find out what is going on.
Re: [DAVE858] BEWARE
Post headers? Here or PM.
Re: [sebcat] BEWARE
OK, so I called Apex & they said it is packed up & ready to ship out today. Then I get another email stating I have to contact them with my credit card info within 48hrs or the order will be cancelled! I kind of want to fuck with this Hack a little bit, but am not sure of the hacking capability this dood has, so I have chosen to hold off.
Re: [DAVE858] BEWARE
http://www.ic3.gov/complaint/default.aspx