Compromised eBay Account Used in Phishing Scam

Only a few days ago, an Internet security company Red Condor issued a warning of a new email threat that appears to be a security alert form the leading online marketplace, eBay. The scam message is perfectly disguised and leads to a compromised user`s account within eBay network that hosts a malicious executable.

The scam message is subjected:"eBay Security Alert - Procedural Warning", the sender`s address is spoofed to look like it is sent from the internal email system of eBay. The fake email is addressed to "Dear eBay Member" and warns that user`s eBay account is experiencing security issues and it will be limited, unless the user downloads and installs the so-called "eBay Security Shield" (Figure 1).

Figure 1. eBay Scam Email Message

If a user follows the link provided in the scam message, he will be taken to a compromised eBay account, hosting the scam page that pretends to be the "eBay Security Shield" Installer. The worst thing here is that the malicious page containing the Trojan is truly hosted on the eBay network. The hackers used an "About me" page of a compromised user`s account to host the scam page. That makes it look very real and legitimate (Figure 2).

Figure 2. eBay Scam Landing Page

"Download now" button downloads and executes a password stealing Trojan on the victim`s computer. After that, the infected user is redirected to log in into his eBay account and that`s how his eBay credentials are sent to the scammers.

At present, only seven antivirus engines recognize this threat. Although this spam campaign has a relatively low volume, it can cause many troubles to eBay users because of its low discovery rate.

eBay users must not trust any suspicious email messages found in their mail Inboxes. eBay ALWAYS use its internal messaging system to contact the customers and anyone should trust only this type of communication with the World's biggest online marketplace.