Issue 118 - September 2011 - Page 20
eBay 'Trusted Selling with Identity Confirmation' Phishing Scam
Message purporting to be from John Canfield of eBay Trust & Safety claims that eBay is implementing a new safety initiative called Trusted Selling with Identity Confirmation and members must therefore follow a link to update their password and other account information.
The message is not from John Canfield or eBay. The email is a phishing scam designed to trick recipients into divulging their eBay account details to Internet criminals.
Detailed analysis and references below example.
Last updated: 28th July 2011
First published: 28th July 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: eBay System Update: Identity Confirmation
Dear eBay member,
eBay recently announced a new safety initiative called Trusted Selling with Identity Confirmation that will help to protect members from unauthorized listings in that seller's name.
All these measures are made concerning your security.
Please take a minute to update your contact information: Make the Identity Confirmation now
To protect the Community against this type of fraud, beginning today, eBay will start noting which computers members typically use to conduct their buying and selling activity.
Now more than ever, having a current Secret Password on file with eBay is vital to the safety of the Community and to your business. A wrong or outdated Secret Password may delay your ability to list items or respond to your customers, if eBay cannot verify your identity.
Senior Director, eBay Trust & Safety
According to this email, which purports to be from eBay Senior Director for Trust & Safety, John Canfield, eBay members must follow a link and confirm their identity because a new safety initiative called Trusted Selling with Identity Confirmation is being implemented. The message claims that members must ensure that they have a "current Secret Password" on file with eBay so that the new system can correctly verify their identity.
However, the email is certainly not from John Canfield or any other eBay staff member. In fact, the message is a phishing scam that attempts to trick recipients into visiting a bogus website and disclosing their eBay login credentials and other personal information.
Those who fall for the ruse and click the link are taken to a fraudulent website designed to look like a genuine eBay page and asked to login with their username and password. If they proceed as instructed and "login" on the bogus site, they will then be asked to provide further personal and financial information, ostensibly as a means of verifying their identity in order to comply with the new security system. At the end of this process, they may be automatically redirected to a genuine eBay site and therefore may not immediately realize that they have submitted information on a fake website.
Meanwhile, the criminals operating the phishing attack will collect the information submitted by their victim and use it to hijack his or her real eBay account. They may also use other private and financial information collected during the scam to commit further fraud and steal their victim's identity.
In this case, the scammers have fraudulently used the name of a real eBay director and a real, albeit outdated, security initiative as a means of making their claims seem more believable. In fact, parts of the scam message are lifted verbatim from a genuine security announcement from John Canfield
that was published back in April 14, 2008. The announcement discussed the "Trusted Selling with Identity Confirmation" initiative, which was designed to protect members of the eBay community from becoming victims of fraud. The announcement requested users to update their registered phone numbers, noting:
Now more than ever, having a current phone number on file with eBay is vital to the safety of the Community and to your business. A wrong or outdated phone number may delay your ability to list items or respond to your customers, if eBay cannot verify your identity.
The scammers have twisted the above request to fit their own agenda by claiming that users must update their passwords rather than their phone numbers. Thus, in this case, the criminals have attempted to use a legitimate announcement regarding a real security initiative as a cover story for their fraudulent activities.
In fact, eBay is a regular target
for phishing scammers and many different methods
have been used to trick eBay users into handing over their account details. eBay will never ask you
to provide personal information via an unsolicited email that uses a generic greeting such as "Dear eBay member". Be wary of any message purporting to be from eBay that claims that you must follow a link or open an attachment in order to update account details. Note that genuine eBay messages will always appear in the "My eBay - Messages" section of the eBay website while scam messages will not.
A Message from John Canfield
eBay Phishing Scam
Question About eBay Item Phishing Scam
eBay - Phishing emails
Pages in this month's issue:
- Protest Message - First Responders Not Invited to 9/11 Tenth Anniversary Ceremony
- Amazon Account Review Phishing Scam
- 'May God Bless This Kind Person' Spyware Hacker Warning Hoax
- Diego Mendez Prayer Request
- 'Numerous Spams Activities from a Foreign IP' Webmail Phishing Scam
- Hoax - Professional Hacker 'Faceb Hu' Taking Control Of Computers Via Friend Requests
- ACH Payment Canceled Malware Email
- Fake Child Abduction Alert - Three Year Old Missing from Wollongong
- Request to Change Facebook Status to Support Injured Biker George
- Bogus Health Warning - Scratch Card 'Silver Nitro Oxide' Coating Causes Skin Cancer
- Bogus 'Free Items for Participating' Facebook Events
- Overblown and Outdated Warning - Facebook Instant Personalization
- Drano Bottle Bomb Warning Message
- Hotel "Wrong Transaction" Malware Emails
- Invitation FB Olympic Torch Virus Hoax
- Warning - ALDI External 4-in-1 Hard Drive Contains Built In Malware
- DEW Bottled Water Fatal Poisoning Hoax
- Unfounded Rumour - Facebook Friend Request Warning - People Trying to Access Photos of Children
- Massive Mound of Writhing Rattle Snakes
- eBay 'Trusted Selling with Identity Confirmation' Phishing Scam