Security researchers at TrendLabs have discovered a rather elaborate phishing scam where cybercrooks have carefully spoofed eBay webpages in hopes of tricking people into handing over their personal information.
In the attack, the victim is presented with what appears to be an eBay page offering the iPhone 4S at a deeply discounted price that appears to be offered from a seller with a positive feedback rating. Aside from the ‘Buy it Now’ option, all of the links on the phishing page are said to point to the legitimate pages.
Once a victim clicks on the “Buy it Now” button, they will be taken to a fake login page that asks for personal information like their name, address and email. Upon sending the requested information, the victim will see a confirmation screen that states an invoice will be sent to them with payment details and that they should contact the seller scammer via email.
Of course, anyone that actually uses eBay will notice that this typically isn’t the way that business is done on the auction site.
Despite the effort that the crooks have put into setting this scam up, there are ways you can spot it when you see it:
- The fraudulent eBay pages are not hosted on the “ebay.com” domain and instead they’re hosted on a domain that is followed by “/www.ebay.ie/” (or some variant of it). Example: www.domainname.com/www.ebay.ie/apple-iphone-4-s
- The fake page lists the price in EUROs (or another foreign currency) while the real page is listed in USD.
- The fake page offers the iPhone 4S at a deeply discounted rate. Considering the iPhones 4S retails at a minimum of $649 ($849 for the 64GB version), I doubt anyone would be selling a new one for hundreds less.
Keep your eyes peeled when shopping for deals online and remember the golden rule, “If it appears too good to be true, then it probably is.”
Follow us on Twitter at @hyphenet or “Like” us on Facebook to stay up-to-date on the latest tech news and PC security alerts.
Photo Credit: Mike Knell