After the recent notifications that eBay was hacked and some details probably have been stolen, we all wondered how long it would be before the phishers got in on the act and we started to get lots of eBay phishing attempts.

Today we started to receive eBay phishing emails that aren’t connected with the password reset that eBay are requesting all users to do, but are a more typical phish, with a message saying an eBay member has left you a message regarding item no #2389452906.

Loads of people do buy and sell on eBay and it is very common to get a message from a buyer or a seller about an item that you are bidding on or selling. It is all too easy to just click the email link and get p0wned. You should always ignore the links in these emails, log in to your eBay account manually and check the My Messages link inside eBay. That is the only way to be guaranteed that it is the correct site.

This one is quite well crafted and, until you look very closely at the web address, you could quite easily believe that you are on the genuine eBay site. Look very carefully at the site address in the screenshots.

where the real eBay address is

Always look very carefully at the full web address and pay attention to the part immediately before the first /. Do not rely on the first part of the address.
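The check described above, written out as an added example (it is not part of the original post). It assumes a small allowlist of two eBay domains, and the sample links are constructed on reserved .example/.test names rather than taken from the phish.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of domains eBay operates.
# Extend it with the regional sites you actually use.
EBAY_DOMAINS = ("ebay.com", "ebay.co.uk")


def host_of(url: str) -> str:
    """Return the lower-cased host: the part immediately before the first '/'
    after the scheme, with any 'user@' prefix and ':port' suffix removed."""
    if "://" not in url:
        url = "http://" + url  # links are often written without a scheme
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:         # malformed address: treat as not eBay
        return ""
    return host.rstrip(".").lower()


def is_ebay_host(url: str) -> bool:
    """True only if the host is an eBay domain or a subdomain of one."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in EBAY_DOMAINS)


# Constructed sample links; the comment says where the eBay name sits.
SAMPLES = [
    "https://www.ebay.co.uk/",                       # genuine host
    "https://signin.ebay.com/login",                 # genuine subdomain
    "http://signin.ebay.co.uk.account-check.example/login",  # first part only
    "http://phish.test/signin.ebay.co.uk/login",     # after the first /
    "https://www.ebay.com@phish.test/login",         # before an @
    "http://notebay.com/",                           # lookalike ending
    "signin.ebay.com.phish.test/login",              # no scheme given
]


def check_all() -> dict:
    """Map each sample link to whether its host really belongs to eBay."""
    return {url: is_ebay_host(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, ok in check_all().items():
        print(("eBay     " if ok else "NOT eBay ") + host_of(url) + "  <-  " + url)
```

Only the first two samples pass: in every other link the eBay name appears somewhere in the address, but not at the end of the host.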

Email looks like:

Question about Item #2389452906- Respond Now

eBay sent this message on behalf of an eBay member through My Messages.
Dear member,

eBay member timeautoparts has left you a message regarding item #2389452906

Click here to view the message

Regards,

eBay

Ebay phish email

If you follow the links in the email, you end up on a page looking like this

Ebay phish site

and then, after giving your details, you are sent to a confirmation page that looks like this, asking you to confirm your email address and email password. The phishers want 2 bites at the cherry: they want not only your eBay account log in details but also your email account log in details, so they can use that to spread their spam and malware.

Ebay phish confirm

That then bounces you to the genuine eBay site where you don’t realise that you have given your details to a phishing site.

Please read our How to protect yourselves page for simple, sensible advice on how to avoid being infected or having your details stolen by this sort of socially engineered malware.

All of these emails use social engineering tricks to persuade you to open the attachments that come with the email or follow links in them. It might be a message saying “look at this picture of me I took last night” that appears to come from a friend, or something more targeted at somebody who is likely to regularly receive PDF attachments, Word .doc attachments or any other common file that you use every day. Or it might be a straightforward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details.

Be very careful when unzipping attachments and make sure you have “show known file extensions” enabled, and then look carefully at the unzipped file. If it says .EXE, .SCR or .COM then it is a problem and should not be run or opened.