Security news
Security news19 January 2007
eBay to close on 27 February? Phishers try and lure victims with bogus vote email
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded computer users to be wary of phishing scams following the discovery of a scam that tries to steal usernames and passwords off eBay users by claiming the giant auction website will close for business on 27 February.
The emails claim that eBay has decided to shut down its business at the end of next month, and is asking users to vote on whether they disagree with the decision. The email claims that 50% of eBay members are required to say that they want eBay to stay open, otherwise it will be closed permanently.
The email reads:
Dear eBay Community:
We have decided to close eBay on 27 February 2007 due to the repeatedly abuses on our company. We ask your opinion on this matter and we want to know if you agree with us or disagree .Below you can make your choice.
If you want eBay to stay open click YES otherwise click NO .Your opinion is very important to us. If 50% of the eBay members vote positive eBay stays open otherwise it will be closed.
Regards,
eBay Team
However, clicking on either of the links takes the user to a phishing website which poses as eBay, and is designed to steal usernames and passwords from users. Sophos has determined that the phishing website is hosted on a hacked server belonging to a UK legal company.
"It's unlikely that anyone would really believe that such a successful website as eBay is considering shutting its doors for business, but they might think it is a teaser campaign by the auction giant for some other kind of promotion," said Graham Cluley, senior technology consultant for Sophos. "This isn't the most sophisticated phishing campaign in the world, but it could still result in the unwary handing their account details over to hackers who could then use them to make fraudulent purchases and commit other identity crimes."
Last year Sophos revealed that over 75% of all phishing emails were targeted at customers of eBay and PayPal.
eBay, like Sophos, is a member of the Anti-Phishing Working Group (APWG), an organization dedicated to wiping out internet scams and fraud. eBay has published tutorials on how to spot phishing emails on its website:
Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.
Download now
- USA number 1 for malware and spam
- Huge surge in email attachment attacks
- Scareware makes users buy bogus products
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
