eBay users are the target of cybercriminals in a new email phishing scam. The scam is very well executed, advising recipients that a restriction has been placed on their account, and requesting their action to rectify the problem. All of the links on the landing page that users are directed to are legitimate eBay pages, with the exception of the main call to action, which asks users to click a button to ‘Go To My eBay.’
At the time of detection, only two out of 67 antivirus vendors were blocking this email as malicious. MailGuard successfully identified and blocked this eBay email scam variation.
A sample of the original phishing email is below:
On the surface, the email itself appears legitimate, with the sender address shown as ‘firstname.lastname@example.org’. The cybercrime network behind the scam has addressed the email to the actual email address of the recipient, which makes the email appear more personalized and improves the click-through rate.
All of the links in the email point to legitimate eBay.com.au URLs, with the exception of one which asks the user to click through on a ‘Go To My eBay’ button. Once a user clicks on the ‘Go To My eBay’ button, they are redirected to a fake landing page impersonating the login page for eBay. This URL is not legitimate, but does resemble a legitimate URL by having ‘eBay-126.com’ contained within it.
Once a user clicks through to the landing page and enters their details, the attackers have all of the credentials they require for full access to the user's eBay account. Hitting ‘Sign in’ takes the recipient to another landing page which is phishing for answers to security questions.
These security questions and answers give further eBay account access to the cybercriminals.
By hitting ‘Confirm’ the user is redirected to another fake page suggesting the verification process was successful. This leaves the email recipient none the wiser. Many users will continue to transact on eBay and elsewhere, unaware that a cybercrime network now has access to their account.
As a precaution, we urge you to delete emails that:
- Appear to be from a legitimate company but are not addressed to you by name or are written in poor English.
- Require you to click a link in the email body to verify your identity or account credentials, or
- Have an unusual request that you would not expect to receive from the official purported sender.
To protect your business, we recommend that you share this alert and educate your staff about the nature of cyber threats, and employ cloud-based email and web filtering. A multi-layered approach combining desktop antivirus, anti-malware and anti-spyware will further mitigate the threat posed by emerging scams.