Red Condor issued a warning of a new blended email threat that appears to be a security alert from eBay. The email message with the subject line “eBay Procedural Warning – Security Alert,” is addressed to “Dear eBay Member,” and warns recipients that the sender has “detected security issues on behalf of your account.”
The email warns that to correct the issue, users “have to download and install the eBay Security Shield.” The embedded link in the email actually takes user to a likely compromised site on eBay’s network.
On the site is a Download Now button that when executed installs a Trojan. After the victim installs the malware as prompted by the email, they are directed to log into their eBay accounts, which then sends their eBay log-in credentials to the scammers.
“While this is a relatively low volume campaign, the scammers have not only figured out how to circumvent the majority of anti-virus engines, they have also exploited an ‘About Me’ page of a compromised eBay account to host the Trojan,” said Dr. Tom Steding, president and CEO of Red Condor.
“In past eBay phishing attacks, the call to action URL has been on some random compromised machine. This scam, however, is a malicious and very sophisticated attack, and unfortunately, is a good representation of the types of phishing attacks that we are likely to see going forward. This attack is likely to get by many email security systems, so users should delete the message immediately.”