Monday, January 3, 2011

eBay 'Respond Now' Phishing Scam - - Reality of the Mail Pretending to Be From eBay on Behalf of Likely Buyer

Beware! It's a Cyber World - - Summary:

A rapidly circulating email, pretending to be a question sent via eBay from a likely buyer, instructs the recipient to answer by clicking the "Respond Now" button.

In fact, the email is not from eBay, and clicking the "Respond Now" button opens a bogus login webpage. The email is a phishing scam designed to steal eBay login details from recipients.

Subject: Question about Item #492297780326 - Respond Now

Question about Item #492297780326 - Respond Now

eBay sent this message on behalf of an eBay member through My Messages. Click the "Respond Now" button to answer the question.

Item: 492297780326

This message was sent while the listing was active.
********* is a potential buyer.

Hello, Shipping to Washington, DC please?
Thank you,
Betsy

Respond to this question

Responses in My Messages will not include your email address.

Thank you,

Beware! It's a Cyber World - - Explanation:

Online auction website eBay is almost constantly targeted by scammers intent on stealing login and other personal information from eBay members. Such scam messages take many forms, including supposed complaints from other members, bogus "eBay administration" messages that claim that members must upgrade account details, and, as in the version discussed here, fake queries from potential buyers about item listings.

In this particular phishing campaign, the scammers have sent out bogus messages that supposedly contain a question about shipping costs from a potential buyer. The email, which at first glance appears to have been sent via the eBay website, asks recipients to click the "Respond Now" button included in the message, ostensibly in order to answer the "buyer's" query. However, the email was not sent via eBay and does not contain a genuine question from an eBay user. In fact, the email is an attempt by Internet criminals to steal confidential eBay login details from unsuspecting users.

In order to further the illusion of legitimacy, the bogus emails are designed to closely resemble genuine eBay messages. They include eBay logos, colour schemes and formatting. Those who fall for the ruse and click the "Respond Now" button will be taken to a fraudulent website that mimics a genuine eBay page. Once on the fake site, the victim will be urged to "login" with his or her eBay username and password supposedly so that a response to the "question" can be provided. However, the login details entered on the fake site will be sent directly to the scammers who can then use them to access the victim's real eBay account. Once they have managed to hijack the victim's account in this way, the scammers can use it to commit fraud using the victim's identity. In some versions of the scam, the victim may also be asked to provide credit card and other personal information via secondary forms displayed on the bogus website.

Given the prevalence of phishing scams that target eBay, users should be very cautious of any emails that ask them to click a link and provide login details or other personal information. Rather than follow a link in an email, a safer method is to go directly to the eBay website via a new browser window and log in. Genuine eBay messages will appear in the "Messages" section of your eBay account. eBay has published several basic tips on protecting yourself from scammers on its website along with more comprehensive information about phishing scams.

Many other high profile online entities and financial institutions are regularly targeted by phishing scammers. Phishing remains one of the most common types of Internet fraud and many people all around the world fall victim to such scams every day. 
