Posted by Virus Bulletin on Sep 12, 2006
Auction losers tempted by second-chance phishes.
As part of the general trend of more focused phishing, users of online auction house eBay are reporting phishes directly targeting losing bidders.
When an auction ends and someone has been outbid, they are contacted, either by a private email claiming to be the seller or by a spoofed mail appearing to come from eBay itself, informing them that the buyer has pulled out of the sale and that they, as second place bidder, are granted a 'second chance' to buy the item.
Once the phisher has scooped up personal information, credit card or PayPal details, or even a PayPal payment sent directly to them, the victim (of course) receives no goods and the phisher disappears back into the ether. Most of the trades targeted have involved expensive audio equipment.
'eBay has always been a popular target for scams of this nature,' said John Hawes, Technical Consultant at Virus Bulletin. 'This is a new and insidious trend however; the scammers are hoping that the pleasure of seeing their dashed hopes restored will override people's normal thoughts of safety. Web users should always exercise caution when sending out their private or financial details.'
eBay offers advice on spotting spoofed version of its emails and sites, here.
Find out more about the future of phishing at the Virus Bulletin conference (11-13 October, Montréal), where Jamz Yaneza (Trend Micro) will present his paper 'Spy-phishing - a new breed of blended threats'.
See the full programme here or click here to register now.
Posted on 12 September 2006 by Virus Bulletin
