Phishing is the intentional acquisition of personal and sensitive information from a victim by masquerading as a business or individual. A scammer locks on to his target to obtain, usually, the username and password for a certain website or bank. Phishing works much like actual fishing: the scammer throws in bait by sending you an email or a similar message, pretending to be a representative of the company whose sensitive information he is trying to get. If you take the bait, the scammer has obtained your username and password, your credit card information, or whatever else you have sent him.

Phishing is largely used against PayPal, e-gold and similar payment processors, banks, credit cards and eBay, but it is also used anywhere else sensitive information is kept. We are going to look at some examples from the most popular of those, eBay phishing. Scammers phish on eBay to obtain eBay IDs, which are then used to sell fake or non-existent goods, or are sold on in the underground market. In other words, the new owners of stolen eBay IDs are equipped with the positive feedback previously generated by the real owner and use it to scam people. Many types of eBay scams exist. How can you become a victim of phishing?
MESSAGE FROM EBAY MEMBER
This genuine-looking email is a masquerade. As soon as you clicked on “respond”, you were directed to an exact clone of eBay and your personal information was stolen. These messages come in different styles and wordings. Go to ebay.com manually and check your private messages there, and you will see whether the message is real or not.
UPDATE CREDIT CARD INFORMATION
Look at the link here. It looks as valid as it could. The text reads http://signin.ebay.com, but the link behind that text again points, yes, to a clone of eBay. This is done with the href attribute of a link in HTML: the address a link displays and the address it opens are set separately. I will show you an example. Click on this link:
The address shows eBay, but you were linked to Amazon. I have linked you to Amazon, but a con artist will link you to copies of legitimate business websites and scam you. Beware what you click: your browser shows the real destination in the bottom-left corner when you hover over a link without clicking it.
RE-ENTER ACCOUNT INFORMATION
This whole email was actually a single image that sent you to a scam website if you clicked anywhere on it. Your mouse cursor changed to a “hand” wherever you pointed, as it does by default when you hover over a link.
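The two link tricks described above (link text that shows one address while the href opens another, and an email that is one big clickable image) can be checked for mechanically. The following is an added example, not part of the original article: it uses only the Python standard library, and the `LinkAuditor` and `audit` names, the sample message and its `example.test` hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Visible link text that itself looks like a web address (scheme optional).
URL_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

class LinkAuditor(HTMLParser):
    """Records suspicious <a href> elements found in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.findings = []                 # (kind, shown_text, actual_host)
        self._href = None                  # href of the anchor currently open
        self._text, self._has_img = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text, self._has_img = attrs["href"], [], False
        elif tag == "img" and self._href is not None:
            self._has_img = True

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        actual = (urlparse(self._href).hostname or "").lower()
        m = URL_LIKE.match(shown)
        if m and m.group(1).lower() != actual:
            # The text claims one host, the href opens another.
            self.findings.append(("text-href-mismatch", shown, actual))
        elif self._has_img and not shown:
            # Nothing but an image inside the link: the "whole email is a picture" case.
            self.findings.append(("image-only-link", "", actual))
        self._href = None

def audit(html):
    """Return the list of findings for one HTML message body."""
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings

# Constructed sample message; hostnames under example.test are placeholders.
SAMPLE = (
    '<p>Update card: <a href="http://login.example.test/x">http://signin.ebay.com</a></p>'
    '<a href="http://clone.example.test/login"><img src="mail.png"></a>'
    '<a href="http://www.ebay.com/help">www.ebay.com</a>'
)
```

The host comparison is exact, so link text `ebay.com` over an href to `www.ebay.com` is also reported; a mail filter would normally compare registered domains instead.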
ACQUIRING PERSONAL INFORMATION WITH JAVASCRIPT
The most sophisticated and clever scams are only now emerging, and they use JavaScript. eBay allows JavaScript, a programming language, to be embedded in auction templates, giving scammers the opportunity to scam right on ebay.com! Yes, you don’t have to leave the original eBay site to get scammed. JavaScript manipulation and ingenious new scam ideas are hard to recognize. The scammer displays fake feedback to make buyers believe he has a reputation on eBay. Look at this:
Fake Feedback
A feedback score of 120, a PayPal buyer protection button and Power Seller status!
Real Feedback
eBay does check auctions before listing them, but embedded JavaScript is usually added after the item has been listed, using the edit listing option! eBay does a lot to prevent JavaScript trickery by manipulating the JavaScript calls, but con artists keep finding ways around it. This is not the only way JavaScript can be manipulated, so watch out!
SUMMARY
Before you buy an item, check the previous items sold by this seller. If he used to sell unrelated and different items from what he is selling now, chances are this eBay ID has been phished and is now used by a con artist.

Banks, payment processors and eBay alike will never send you emails asking you to enter your personal information! If you do receive an important notice from eBay or your bank and you are in doubt whether it is real, close the email, start a new browser session, and manually type in the address of your bank, eBay or wherever the notice claims to come from. If you got a private message by email from a supposed eBay member, do the same: manually type in the address of ebay.com and check your private messages there!

In this phishing example we used eBay as one of the most popular phishing targets, but phishing frauds are all over the web, so beware.
An Add-on for Firefox
iTrustPage: An anti-phishing tool that prevents users from filling out suspicious Web forms and suggests the corresponding legitimate form. It is open source, developed by people for people, for free.