The latest batch of eBay phishing attacks is quite interesting.
Instead of pretending to be from eBay, they pretend to be from “Hilda”.
In a very nice bit of social engineering, Hilda informs you that she’s 87 years old and is trying to buy a wheelchair:
“Hello,
I recently placed a bid on item#5669378843 being a wheelchair for me that i really need do to my age(87 years old) and it seems that i can not find the auction anymore…May i please know if you are the seller of the item above?
Regards,
Hilda”
Of course, the “Respond Now” button takes you to a server in China that has nothing to do with eBay, where you will be prompted for your eBay login details.
barry says
All very well to highlight problems, but what’s the solution? How about, for those who do not know, giving the details on how to check where the e-mail originated.
michele says
Barry – I suppose the logical thing would be for me to provide a succinct explanation somewhere of how to check an email’s validity. I’ll see what I can put together.
Thanks for your feedback
Ambrand says
Solution: Disable HTML email on newbies’ clients OR tell newbies NEVER TO CLICK LINKS or “buttons” FOUND IN EMAILS.
michele says
Disabling HTML email is not a very viable option, as many people are subscribed to legitimate newsletters etc., that use it.
bernard says
http://www.runningwithbulls.com/blog/2006/02/27/ebay-phishing-attempts-getting-smarter/
I have seen one also. TBH, from a 1-second look at the mail heading, my first impression was it might be true. Of course, after thinking about it, I had not taken part in any eBay auction in months.
Also, the “average” eBay user would not know that off-eBay contact from a seller is frowned on by eBay.
What can be done to stop these phishing attempts… that’s the hard part.
Disabling HTML on e-mail is only one way, and not the best way, since the URL is still there. Clueless people will still do clueless things.
Possibly the best way is for eBay to disable all e-mail information for users. This will then remove the “channel” these phishers use.
Of course, finding a way to communicate to their users is then the problem.
Maybe via an RSS feed, similar to the RSS feed Gmail provides?
b.
michele says
I have server-side phishing checks, but even without them the SPF checker plugin for Thunderbird flags the email clearly.