Feb 21, 2011 15:58 GMT

Security researchers from Sophos warn of a phishing campaign targeting users of Bidorbuy, the largest South African Internet auction website.

The rogue emails purport to come from a [email protected] address and bear a subject of "Attention! Your BidorBuy account was stolen!"

This is a classic phishing attack where the victims are scared into exposing their credentials.

Traditional lures similar to this one include the threat of account suspension, fraudulent charges, suspicious activity, and so on.

The header and footer of the email body contain the Bidorbuy logo and copyright notice. The enclosed message is rather poorly formulated and reads:

"Attention! Your BidorBuy account was stolen! This is a must to ensure that only you have access and use of your BidorBuy account and to ensure a safe BidorBuy experience.

Please ckick on the link to recovery your account: https://www.bidorbuy.co.za/jsp/login/UserLogin.jsp

Please understand that this is a security measure intended to help protect you and your account. We apologise for any inconvenience."

Even though it appears to lead to a secure HTTPS website, the link actually points to a phishing page that mimics the Bidorbuy login form and is hosted on a Russian server.

"It's worth everybody remembering that phishing gangs and cybercriminals don't just target users of multinational global brands such as eBay, PayPal and iTunes.

"They can also launch attacks targeted on local websites - hoping to make rich pickings if computer users aren't wary enough," warns Graham Cluley, senior technology consultant at Sophos.

The Bidorbuy company was founded in August 1999 and originally operated multiple online auction websites in countries like South Africa, India, Australia, Israel, Brazil, Argentina, Mexico, Italy and Spain.

The South African website is the only one still in operation and the company also bought stakes in other local Internet businesses, like the price comparison service Jump Shopping or online payment service PayFast.