Pitter patter, pitter patter of the phish

"Mjlawson29" is one of eBay's most famous users.

Search for most eBay usernames and you'll just get a few hits from actual eBay pages. As I write this, though, mjlawson29 has "about 537" Google hits, from all over the Web. Pretty good for someone who isn't actually an eBay user any more!

A cursory examination of those hits will reveal that mjlawson29's fame comes almost entirely from the work of a tireless phisher, who's been sending phish-spam about allegedly unpaid items from that seller forever and a day. I get one of them every couple of days, if not more often. Have been for months.

Apparently this phisher thinks this repeated strategy is like playing the same lottery numbers over and over.

It is, of course, actually more like approaching the same annoyed commuters every single day with the same story about how you just need money for a bus ticket because otherwise you won't be able to make it to your grandma's funeral this afternoon.

Mjlawson29 was a real eBay user, with good feedback, but isn't any more. It looks as if they chucked it in at the end of September 2006. Coincidentally, the first mjlawson29 phishing spam that someone bothered to post to Usenet is from the start of October, 2006.

It feels as if I've been getting these phishes for a lot longer than that, but I don't archive my spam (only so many hard drives in the world, folks...) so I'm not sure.

I'm inclined to suspect that the sudden wave of undeserved abuse generated by the phishes drove mjlawson29 away from eBay. But who knows; maybe they just decided to take up a new and exciting career in stealing people's logins.

Project Honey Pot has a couple of entries for the phishers responsible for this particular crap-stream, and also ties them to several other repeated eBay-name phishes.

Have you also heard from "babyphat96", "loriweiss", "nascar*stuff*" or "selectiveseating", over and over again? I know I have!

(Loriweiss was a real user but is now gone; I don't know whether babyphat96 or nascar*stuff* were ever real, but I wouldn't be surprised if they were. Selectiveseating is real, and still trading.)

It'd be simplicity itself for these phishers to harvest a new eBay ID to broadcast with each phish-run, but instead they stick with just a few, and use them over and over and over again.

Now, you would get repeated messages from the same user if that user genuinely did think you hadn't paid them for something. But you wouldn't get 'em for a year. And, as I said the last time I mentioned the output of these particular phishers, sending the same spam to millions of recipients ensures that the identifying features of that spam will become famous.

Phishers don't want to be famous. It's like being a famous secret agent.

3 Responses to “Pitter patter, pitter patter of the phish”

  1. reyalp Says:

    I used to be puzzled by this sort of apparently clueless tactic of spammers and phishers. Surely doing something that 99% of people notice is a scam right off the bat is not the most profitable way to go about this?

    Then I had a revelation... they WANT to select the most ignorant/clueless/lazy/stupid people. The tiny percent that are going to look at that email, not notice that they hadn't actually bought anything from that seller, not double check their records to make sure they actually owed that amount, and STILL send them money, aren't going to be the least bit affected by Google results for the name. If they are that gullible, they might not even notice it's the same person they paid last week.

    Sure, they might get a few extra hits if they were a little more sophisticated, but sophisticated isn't their target audience. I'd bet the people who fall for the most obvious scams are also the least likely to effectively go after the scammer if they do figure it out.

    That's my theory anyway. Scammers just being incredibly stupid is of course also a persuasive hypothesis.

  2. Daniel Rutter Says:

    they WANT to select the most ignorant/clueless/lazy/stupid people

    I've written about this theory in the past.

  3. Daniel Rutter Says:

    A little update, for the benefit of any Google searchers: I've been getting a lot of phish lately pretending to be from "jerilp1", who is another real eBay user.

