eBay sellers alert: New phishing attack

in Houston, TX(Zone 9a)

From my husband who is an information technology security analyst:

Phishers catch eBay users again
Emails masquerade as eBay portal queries
06 Jan 2006

Criminals are again targeting eBay members, this time by sending forged auction inquiries from what appears to be the site's 'Question from eBay Member' message portal, according to security experts SpamStopsHere. Account holders are prompted to respond to the inquiry by clicking the 'Respond Now' button in the email, and are then directed to a fraudulent eBay log-in screen. After the seller has entered their log-in information the fraudsters steal their identity for later use.

Known as 'spear phishing', the attack is distinctive in that it is targeted and focused on one end user or organization at a time. Spear phishing emails are designed to appear as if they are sent from a trusted individual or company, and typically ask for log-in IDs and passwords. Ted Green, chief executive at SpamStopsHere, said: "We are seeing an evolution in phishing and spear phishing attacks, and the sophistication is constantly increasing.

"Cyber-criminals are relentless in developing new and ingenious methods of monetary and identity theft." eBay members were targeted in a mass phishing campaign before Christmas which represented 96 per cent of all UK phishing attacks in December.

More sources on this topic:
http://www.vnunet.com/articles/print/2148170
http://www.theregister.com/2006/01/05/ebay_spear_phishing/
http://content.techweb.com/showPressRelease.jhtml?articleID=X413280

SpamStopsHere CEO Ted Green recommends:
1. Never click on the link in a message. If a message asks you to log into your bank, PayPal, eBay or other personal account, assume it is a phishing scam.
2. Never enter banking information, social security numbers or other sensitive information by clicking a link in a message.
3. Never enter your computer user name or password into a message that requests it, not even if it claims to be from your IT manager or other co-worker. It is easy for a spammer to forge the sender's name.
4. Never use the URL in a message as a point of reference, as it may be a forgery. If you are unsure as to the legitimacy of a particular message, open an Internet browser and manually type in the URL of the institution in question, e.g. "www.chase.com".
5. Treat any email that asks for sensitive data as a phishing scam.


