eBay/Google Scam?


(paulc) #1

Not quite sure how this is happening… I wanted to go to ebay, so I typed ebay, got the customary google results page, clicked on the link that SAID it was going to ebay.com, but instead I got redirected to this address:

https://programmingaccess19-net.gq/macx/

The link on the google results page looks proper… but somehow it gets re-directed to this site… which is loaded to the hilt with a ton of very scary talk about how my system is compromised and infected with every virus known to man. Oh, for the hell of it, MalwareBytes says I am clean. Does that domain ring any bells with anyone… and have any of you seen something like this before?

Update: gets more interesting… the first part of that address seems to relate to M$ dot net programming, the dot gq is Equatorial Guinea. The more I think about this, the clearer it kinda seems google has been compromised…


(Brian White) #2

Obviously a wrong/bad link, but I’m curious why you’d “search” for ebay instead of just typing ebay.com directly in the address field?


(paulc) #3

Just blindly typed it, think it went into their search field on the default page. I DO remember the days when one almost never had to type the .com part… AND it now seems it is not doing this to me (could someone have read my message to them 20-30 minutes ago and taken some action??), BUT the bad part DID come from hitting a link on their results page.


(Fritz Mills) #4

If you type ebay into the Safari address field, it will supply the .com as the default. Hitting Enter will take you there.


(morwen) #5

What’s your browser homepage set as in settings?


(paulc) #6

Just “New Tab Page” which gets filled by Google with a search box and a collection of recently used links. I did repeat what I did multiple times to obviate any mis-hit keys (which I am famous for!). ALL of the results links I tried started "https://www.ebay.com/bigLongString." It WAS getting re-directed to that site in Guinea. It is possible that it COULD have been a one time thing and that the subsequent runs were pulled from some sort of cache Chrome runs. Pretty sure it did not come from anything on my end… if I had gone to some dodgy site before that, yeah. I DO get a lot of phishing e-mails, but I’m generally pretty savvy about that stuff. There HAS been some recent activity where I am getting multiple mails from ebay suspending accounts I never set up… someone is using my domain name with fictitious addresses, like "[email protected]"… those do get delivered to me, but I just look and mark as spam.

EEEK, I have NO idea how my text size got changed, it was nothing I intended and I can NOT see how to fix it!


(Adam Engst) #7

The text size change happened because of the angle brackets you had in the URL. I fixed it by deleting them.


(paulc) #8

Thanks… I had used them to show that “big long string” was a comment from me, not part of the actual address. Never have seen anything like this and I have been doing forums since the BBS/acoustic modem days!


(Adam Engst) #9

It’s unfortunately fairly common that angle brackets cause problems since the system has to decide whether to escape the angle brackets as entities or see them as HTML tag delimiters when HTML is allowed for formatting.

Discourse is really good about showing you a preview of what you’re typing when you’re using the Web interface to avoid that as a problem; when submitting via email, all bets are off since additional conversion has to take place on the incoming message.


(paulc) #10

Damn, shows how long it’s been since I wrote code (first big site I ever created was 95% hand coded, there were NO utilities back then… well except Rich had some very preliminary stuff in BBEdit), d/oh, angle brackets! Yeah I did write it in the web interface, but never saw the huge text… should have been hard NOT to notice. When I went back to edit out the text size, I saw it right away… so maybe some lag.


(Jim Chaffin) #11

Most good browsers have a caching system; it makes refreshing a page much faster. But before hitting the ‘reload page’ action, find and use the empty cache function in that browser, otherwise, you may just keep recalling the page from the browser’s cache system.

As for clicking links, I suggest installing (if your OS doesn’t already do it) a plugin that will display the actual URL in a browser link. Just like hovering over a link in Mail, why go to a link that is obviously not what is being displayed on the screen?!


(Curtis Wilcox) #12

You don’t need a plugin for that, all desktop browsers can still display the URL on hover at the bottom of the window. In Safari it’s hidden by default but you can turn it on by clicking View > Show Status Bar.


(paulc) #13

Thanks for trying guys, but in my OP I did say that it SHOWED the correct link address, but got sent to the malicious one. Trust me, I know all about hovering and exposing links, that is how I catch most of this nonsense. AND yes, I repeated that several times… although after the first one, it may have come from the cache as I speculated.


(Joseph) #14

I’ve had this exact same thing happen to me.

First thought was a malicious plugin or other compromised local computer (virus, etc.). But it wasn’t.

I never figured out what the problem was, but it seemed to me that it portended something big was wrong somewhere in the Googleverse.