ID SECURITY

Two Phishing Scams Target PayPal, eBay Users

Print Version
E-Mail Article
Reprints

By Susan B. Shor
TechNewsWorld
08/12/05 9:10 AM PT

Because Internet users are becoming more suspicious about clicking on links in e-mails, the phishers may have devised the new scam to trick them into thinking that faxing information is safer. This scam, however, contains some obvious clues that something isn't right.


95% of email is spam. Want to spend more time on the other 5%? Google's hosted email security, powered by Postini, stops email threats before they reach your business. There is no installation or maintenance required, freeing you to focus on strategic activities. Watch our video to learn more.

Two new phishing scams, one targeting PayPal and one eBay (Nasdaq: EBAY) Latest News about eBay, are making the rounds on the Internet today, the anti-malware company Sophos Latest News about Sophos said.

In the first, scammers are using a new twist: Instead of trying to get PayPal customers to input personal information on a bogus Web site, the e-mail sends them to a site hosted in Poland.

Bogus Investigation

The site contains a Microsoft (Nasdaq: MSFT) Free Trial. Security Software As A Service From Webroot. Latest News about Microsoft Word document purported to be from PayPal and asks them to fill that out and fax it back to a toll-free number. The scammers are using the ruse that someone has tried to reset the customer's password and PayPal needs information from them to proceed with an investigation.

"It's perhaps possible that the number is being redirected to a satellite phone -- in which case the criminals could be sitting in a boat in international waters -- or one of these efax numbers which redirects to a computer running fax receiving software," Graham Cluley, senior technology consultant with Sophos, told TechNewsWorld about where the scam may be located.

Because Internet users are becoming more suspicious about clicking on links in e-mails, the phishers may have devised the new scam to trick them into thinking that faxing information is safer.

This scam, however, contains some obvious clues that something isn't right, Cluley said.

"The e-mail Learn how you can enhance your email marketing program today. Free Trial - Click Here. contains some grammatical and layout errors which should raise suspicions," he said. "Generally, we would tell people to be suspicious of any unsolicited e-mail. Legitimate organizations would never ask you to reconfirm your banking and credit card information in this way."

Appeal to Good Nature

The second scam targets the humanitarian impulses of eBay users. It claims to be an e-mail from Greta, an 87-year-old, who has bid on a wheelchair, but cannot find the auction. She asks for help through a "respond now" button in the e-mail that leads to a bogus Web site mimicking eBay. If users type in their login names and passwords, they will be stolen, Sophos said.

"In the past phishing commonly tried to get users to log into a bogus Web site to reconfirm their details, or pick up a security message. This technique of targeting the public's desire to show generosity and help others is a sign that the older tricks are proving less effective because of their over-use," Cluley wrote in a SophosLab warning about the scam. "We should not be surprised if the phishing gangs continue to innovate in the psychological stings they use to fill their pockets with other people's cash."

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Susan B. Shor   RSS

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]