Ebay users are once again targeted with fake notifications asking them to “confirm their identity”.
“Dear eBay Community Member, You’re signing in from a computer we’re not familiar with,” says the bogus message. “That’s no problem, but we need to take a few moments just to make sure no one is trying to access your account without permission. Please log in to your account and complete the form on the next page. [Link removed]”
The link points to a spoofed eBay login page. The victims are first asked to type in their login credentials, and then urged to answer their security question and enter their email address. Finally, they are redirected to the real eBay website, while the information inserted in the bogus site is sent to the phishers that set it up.
“The link in the email uses HTML to make it appear that it points to a genuine eBay web address,” points out Hoax-Slayer. “Moreover, to further the illusion of legitimacy, the scammers have copied the text of a standard security protocol message that is sometimes employed by eBay to protect user accounts.”
Users are advised to remember that legitimate online services and companies are unlikely to ever ask them to divulge account, credit card or personal information, and usually don’t embed links or attach files to emails for them to look at or review.