Phishing Emails and eBay

crime.jpgeBay has been a victim of phishing emails since the conception of the idea I bet! With hundreds of new users flooding to eBay all the time, phishing emails have become a common occurrence. In my personal inbox I get at least 3 or 4 eBay phishing emails a day, which are getting ever more convincing.

eBay have worked hard to beat the ‘phishers’ by trying to educate its members. They even have a tutorial on how to spot a spoof emails and the eBay toolbar is a must for eBay users.

Symantec have been following the scam of Trojan.Bayrob – Buying a Fake Jeep

In order to attract potential victims the scammers first list cars for sale on various auction sites. These auctions are not scams per se, but they are “legit” auctions that are used solely to attract potential victims—whoever asks a question or bids on these auctions becomes a potential victim. Once these auctions have expired the scammers get to work emailing each potential victim. These emails explain that the winner of the original auction was unable to pay, so the car has been re-listed on the auction.

Once the email is opened the trojan is silently dropped and executed on the victims computer. The scammers do not pursue the victim until the trojan has confirmed a proper installation on the machine and is working properly. Once the location of the victim is confirmed, and they are too far away from the vehicle to visit, a second email is sent.

Not only does the Trojan show a fake auction, it is also able to show fake feedback for the alleged seller too. When viewed from the infected machine the feedback page for the auction user

The infected machine then mirrors the entire auction process from start to finish to complete the fake sale.

With ever growing sophisticated criminals behind such scams, users and business owners need to be extra vigilant. Always use the eBay portal to conduct your eBay trading.

Some eBay sellers do use legitimate third party checkouts for their eBay business. This should be mentioned on the listing or at eBay checkout if they want the buyer to have confidence. You can also ask eBay or do your own research before you pay. You should only checkout if the seller is using an approved third party eBay tool as listed in the Solutions Directory. You will usually see a small logo at the bottom of the listing if a seller is using such a tool.

Phishing Emails and eBay was last modified: May 25th, 2011 by Andrew Pinner