Article Trunk



Email scams via eBay ask a question

01.02.2012 · Posted in Business News Article

There is an impressive phishing (stealing someone’s identity by pretending to be from an authority site the potential victim uses) attempt email currently doing the rounds on eBay. Wary buyers and sellers already aware of several phishing attempts are now a lot more quick to delete and mark a suspicious email as spam. The scammers are aware of this and are always improvising with new methods to steal people’s identities. The first step is to get their phishing attempt email into a user’s mailbox, they may have obtained the user’s email address from a previous sale, a previous query or from other scammers . The subject of the email may sound like a legit subject coming from eBay. A sample of the email is below:nnYou’ve received a question about eBay item #(Random item ID here)nnDear member,nnHow much is the shipping to Random place, Random country,nLet me know because I’m online and I can pay you right now.n- Inserted Powerseller IDn nDid this answer your question? If not, let the seller know.nn nItem URL: [random url]nItem Id: [random item ID]nEnd time: random datenBuyer:n nInserted Powerseller IDn nnThere are some simple rules to identify that this is indeed a phishing attempt. First offni) It is addressed to a “dear member”, eBay users should alredy be aware that their real names are usually included with any communication with eBay, to thwart just these type of scenarios.nnii) As usual the respond to link doesn’t lead to eBay but to the Scammer’s phishing site where the victim’s login details will be harvested for the scammer’s nefarious purposes if the mistake is made to login to the aforementioned url, which is what the entire phishing attempt was all about in the first place.nniii) The item url and item ID do not match, normally the item ID is located within the item url, the fact that the two are uncorrelated is a dead giveaway.nnThe Powerseller status ID inserted into the email is to give the idea of trust but in reality, the real Powerseller has no idea of any such item, nor that their name or account is being used for these purposes, and it may indeed be that the Powerseller themselves may have falled victim to a phishing attempt, as it sometimes happens hence scammers use their usernames after obtaining their stolen details, inorder to earn trust with the potential victim.

Leave a Reply

You must be logged in to post a comment.