Auction losers tempted by second-chance phishes.
As part of the general trend of more
focused phishing
, users of online auction house
eBay
are reporting phishes directly targeting losing bidders.
When an auction ends and someone has been outbid, they are contacted, either by a private email claiming to be the seller or by a spoofed mail appearing to come from
eBay
itself, informing them that the buyer has pulled out of the sale and that they, as second place bidder, are granted a ‘second chance’ to buy the item.
Once the phisher has scooped up personal information, credit card or
PayPal
details, or even a
PayPal
payment sent directly to them, the victim (of course) receives no goods and the phisher disappears back into the ether. Most of the trades targeted have involved expensive audio equipment.
‘
eBay
has always been a popular target for scams of this nature,’ said John Hawes, Technical Consultant at Virus Bulletin. ‘This is a new and insidious trend however; the scammers are hoping that the pleasure of seeing their dashed hopes restored will override people’s normal thoughts of safety. Web users should always exercise caution when sending out their private or financial details.’
eBay
offers advice on spotting spoofed version of its emails and sites,
here
.
Find out more about the future of phishing at the
Virus Bulletin conference
(11-13 October, Montréal), where Jamz Yaneza (
Trend Micro
) will present
his paper
‘Spy-phishing – a new breed of blended threats’.
See the full programme
here
or click
here to register now
.
Posted on 12 September 2006 by
Virus Bulletin
Leave a Reply