Twitter and Facebook have each been targeted with a series of fake scams targeting users and now eBay has joined the list. The mail contains the subject line “eBay Procedural Warning – Security Alert” and warns the user that they have “detected security issues on behalf of your account.”
In order to stop the “threat,” the fake warning asks users to download “install the eBay Security Shield.” The link contained in the email takes the user to a false eBay website, which is likely compromised. The link on the website to download the software installs a Trojan on the user’s computer.
“While this is a relatively low volume campaign, the scammers have not only figured out how to circumvent the majority of anti-virus engines, they have also exploited an ‘About Me’ page of a compromised eBay account to host the Trojan,” said Dr. Tom Steding, president and CEO of Red Condor. “In past eBay phishing attacks, the call to action URL has been on some random compromised machine. This scam, however, is a malicious and very sophisticated attack, and unfortunately, is a good representation of the types of phishing attacks that we are likely to see going forward. This attack is likely to get by many email security systems, so users should delete the message immediately.”