eBay Targeted by Cyber Crooks in Recent Malicious Campaign
Cybercriminals have captured the body of genuine eBay e-mail and are currently using it in a malicious campaign, thus targeting innocent internauts, reported softpedia on March 26, 2012.
The subject-line of the e-mail was titled "please confirm your identity", and the fake e-mail started in a much authenticated tone. It guided the user throughout the login process and assured them with complete safety and security. It also guided the users for completing the form provided in the next page, as provided by Hoax Slayer, on March 26, 2012.
The link in the aforesaid fake e-mail employed html to make it appear a genuine eBay web address, as explained by the security experts.
However, after clicking the fake link, the victim reaches to the website that replicates a login page of the eBay. Another web page arrives, when the user name and password are presented and request to answer the security question along with the customer's e-mail address.
In the end, a message that notifies the operation's success is presented on the screen, the client being forwarded to the legitimate eBay site to neglect any suspicion.
Security experts affirmed that all the necessary credentials submitted while logging into the false eBay website can be collected by the cyber crooks and used for their own motive. The access to the compromised account enables the crooks to lock out the actual users' account and change their password and steal their personal and financial information and use them towards the fulfillment of their selfish motives.
Therefore, eBay is seeking help from customers to help it to minimize the cases of phishing. Thus, in any case of any customer receiving a false e-mail or experiencing any type of phishing attack associated to the eBay account, they should pass it on to an eBay account. In case of spoofeed website, one is required to send the URL of the site in question for verification at email@example.com.
Related article: eBay Announces Its New “Safeguarding Member IDs” Project
» SPAMfighter News - 03-04-2012