14 DAY TRIAL // Cybercriminals have taken the body of a legitimate eBay identity verification email and began using it in a malicious campaign designed to steal the accounts of unsuspecting users.
“You're signing in from a computer we're not familiar with. That's no problem, but we need to take a few moments just to make sure no one is trying to access your account without permission. Please log in to your account and complete the form on the next page. [Link],” reads the false email provided by Hoax Slayer.
The crooks not only copied the text of a genuine eBay notification, but they have also made the shady link look like it really points to the eBay site.
Once the phony link is clicked, the victim is taken to a website that replicates an eBay login page. After the username and password are submitted, another webpage appears, requesting the answer to the security question, along with the customer’s email address.
In the end, a message that informs of the operation’s success is displayed on the screen, the client being redirected to the legitimate eBay site to avoid raising any suspicion.
At this point, all the data is stored in a database controlled by the phishers, enabling them to easily access the account, make purchases on the user’s behalf, and even steal his/her financial information.
While cybercrooks can easily spoof email addresses, forge notifications and develop legitimate-looking websites, it’s difficult for them to replicate a couple of details, which could give away the scam.
First of all, the name of the site displayed in the web browser’s address bar may look something like “ebay.com”, but it’s always something slightly different.
Furthermore, eBay ensures that every operation that involves sensitive information is guarded by a digital certificate symbolized with the padlock icon and the HTTPS connection. If the HTTPS connection isn’t present, the site is surely part of a fraudulent scheme.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.