Two Phishing Scams Target PayPal, eBay Users

Two new phishing scams, one targeting PayPal and one eBay, are making the rounds on the Internet today, the anti-malware company Sophos said.

In the first, scammers are using a new twist: Instead of trying to get PayPal customers to input personal information on a bogus Web site, the e-mail sends them to a site hosted in Poland.

Bogus Investigation

The site contains a Microsoft Word document that purports to be from PayPal and asks recipients to fill it out and fax it back to a toll-free number. The scammers are using the ruse that someone has tried to reset the customer’s password and PayPal needs information from the customer to proceed with an investigation.

“It’s perhaps possible that the number is being redirected to a satellite phone — in which case the criminals could be sitting in a boat in international waters — or one of these efax numbers which redirects to a computer running fax receiving software,” Graham Cluley, senior technology consultant with Sophos, told TechNewsWorld about where the scam may be located.

Because Internet users are becoming more suspicious about clicking on links in e-mails, the phishers may have devised the new scam to trick them into thinking that faxing information is safer.

This scam, however, contains some obvious clues that something isn’t right, Cluley said.

“The e-mail contains some grammatical and layout errors which should raise suspicions,” he said. “Generally, we would tell people to be suspicious of any unsolicited e-mail. Legitimate organizations would never ask you to reconfirm your banking and credit card information in this way.”

Appeal to Good Nature

The second scam targets the humanitarian impulses of eBay users. It claims to be an e-mail from Greta, an 87-year-old who has bid on a wheelchair but cannot find the auction. She asks for help through a “respond now” button in the e-mail that leads to a bogus Web site mimicking eBay. If users type in their login names and passwords, those credentials will be stolen, Sophos said.

“In the past phishing commonly tried to get users to log into a bogus Web site to reconfirm their details, or pick up a security message. This technique of targeting the public’s desire to show generosity and help others is a sign that the older tricks are proving less effective because of their over-use,” Cluley wrote in a SophosLab warning about the scam. “We should not be surprised if the phishing gangs continue to innovate in the psychological stings they use to fill their pockets with other people’s cash.”
