Phishing Scam Attacks Users of Auction Site Bidorbuy

Investigators at Sophos the security company caution that a new phishing scam is attacking people using Bidorbuy an online auction site which's the biggest in South Africa.

Highlights the company, the fake electronic messages spoof the address as though they've originated from hello@bidorbuy.co.za while they display the logo of Bidorbuy along with its copyright notice.

Written rather poorly, the text of the e-mails cautions the recipient that someone stole his Bidorbuy account. The alert is being issued for making sure that the recipient alone has access to his Bidorbuy account. The message then requests him to click a given web-link namely https://www.bidorbuy.co.za/jsp/login/UserLogin.jsp for restoring his account and eventually apologizes for any sort of inconvenience caused while assuring that the message is for ensuring the security of the user and his account.

Says Senior Technology Consultant Graham Cluley at Sophos, clicking the web-link, nevertheless, does not take the user onto the actual Bidorbuy site rather it leads onto a phishing site that is hosted on a server in Russia. Nakedsecurity.sophos.com published this on February 21, 2011.

Additionally, Cluley says that anyone can clearly perceive how alarming it's if people get an alert telling someone has stolen their account, prompting the thought that some other person may be buying items on the Internet auction site utilizing those people's credentials. Nakedsecurity.sophos.com reported this.

Incidentally, people must know that phishing gangs do not simply attack people using PayPal, eBay, iTunes or similar multinational brands of the world. They may as well execute assaults on local websites, expecting for harvesting rich gains incase Internet-users lack the necessary awareness, Cluley observes.

Worryingly, it's because of the above kinds of phishing scams that there has been such an enormous rise in phishing just like Sophos highlighted in its 2010 Security Threat Report.

Ultimately, for lessening these phishing assaults, security specialists suggest that incase an end-user gets an e-mail, which appears needlessly important then he mustn't follow its web-link rather he must erase that e-mail instantly. Further, users must know how an e-mail is formulated i.e., if the message contains any spelling mistakes or if its content really makes any sense.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 3/2/2011