eBay Password Phishing Scam


Another massive data breach and another phishing scam was not far behind. –PC Pitstop

By Stu Sjouwerman, for KnowBe4.com Security Awareness Training

OK, unless you were on an Internet-free vacation (fat chance), you have heard that eBay managed to lose all of its 145 million credentials.

Cybercrime works a lot like a business, and its operators have massive phishing campaigns all set to go for the next major data breach. Just add a logo, change one line of code and they are off to the races.

And so it goes with the recent eBay debacle. Trend Micro predicted that in 2014 we would see one or more major security breaches a month, and up to now they are not far off the mark. There are several pitfalls with a large breach like this: first, the data itself will get sold, causing even more identity theft. Next, the breach will be used by other cyber mafias to social engineer people into going to a fake eBay site and filling out confidential information.

We have seen this pattern happen over and over again, so this time you get an advance warning…

Article continued here

This excerpt appears with permission from knowbe4.com.

16 thoughts on “eBay Password Phishing Scam”

  1. Recently I received an e-mail about my Chase Checking Account – problem was I didn't have one. I received some contact from AT&T, so instead of opening the screen, I called AT&T, who requested that I report it to their office, as it was bogus. I also received the fraudulent eBay email, but I hadn't been on that website in over two years and had a different Internet Carrier then. Lots of scammers out there. Also BEWARE OF PERSONS RESPONDING TO YOUR CRAIG'S LIST AD, who sends a very authentic-looking check from Bank Of America in California. My Bank accepted it and cashed it. The person wanted me to "pay the Transporters in advance" for a horse he was purchasing from me, and directed me to send money via Western Union to a California address. I screwed up and did so, and was out $1750, but I still did get to keep the horse. The people sounded Middle Eastern on the phone, but texted in impeccable English. So watch out for all those so-called "official contacts". This is one reason why I purchased PCMatic, so as to intercept these shoddy websites. Good luck, and keep a straight head on when answering these messages.

  2. ebay has had some probs over the years, but if you have probs with paypal, which is with ebay, and you are not sure, be very careful for it may cost you. been there done that and paypal took care of it. still ebay is still a safe site if done properly. thank you.

  3. As long as you are aware of them, then you should be fine. There are far too many that haven't got a clue as to what to look for and get caught in them. There are a lot of us out here on various forums that try to educate people on this subject. I get plenty and they are just a nuisance. If it is something involving my bank and there have been several, I will report those.

  4. As long as you don't open the link and give them the info they are looking for, you should be fine. It is annoying though.

  5. Gotten several of those things and reported them. Easy enough to pick up on if you check the source of the email. I bought a puppy last year using PayPal and my Visa Card. Got a phone call from Sears one morning regarding the $500 TV I had bought. Problem was, I had not bought a TV. I have shopped at Sears online in the past and they noticed some discrepancies in, I suppose, the shipping address. Immediately called the bank and had the card canceled. At this rate, PayPal may go the way of the Dinosaur as nobody will use it due to lack of security. I used to Moderate on the PCWorld Forum until it was shut down recently. They would come in all the time advertising stolen Credit Card Info for sale. They have regular "Brokerages" for that stuff.

  6. Just as well I had the sense to change my password about a week before all this crapola started…..

  7. KnowBe4 will only accept e-mails from a domain name; this leaves out the end user. I have many Phishing attacks and any e-mail that says To undisclosed users is immediately deleted. Those that supposedly come from any site such as Pay Pal or my bank that do not have my name in the header get sent straight to the company concerned, who e-mail me by return and inform if the e-mail is genuine or a phishing e-mail. To date all that I have sent have been Phishing e-mails. For my banking I have Rapport security. For everything else I have McAfee, Norton, Spark trust and Key pass. Although Key pass passwords are encrypted I still change the password frequently. Any e-mail that requires my personal details doesn't get them until I have checked it out. Hope this will help end users like myself who do not have a domain.

    Sincerely Michael

  8. Anytime there is not your name in the email I treat it as phishing. ANYTIME the email looks suspicious, I will normally delete it. I will NOT open any links in emails unless I KNOW who it is from, and a lot of times even then I will go to a separate browser window and open the site there, NOT through the link in the email. It does not take much to avoid scams. Even if from ppl you know, if something does not look quite right, it probably is not. Ask them about it in a separate email or phone call to verify.

  9. I got an email from Ebay to update my password & forgot to do it while I was in my email account.
    So after I closed my browser I reopened it & used my history to open an old Ebay link whereupon I got a page asking me to change my password.
    I think old links that were successful are the best way to enter a site. I keep my history up to date & delete any links that I don’t feel good about.
    Some say to delete all history & that is fine for young people with good memories!
    But old folk like me need that drop down list of links to past websites accessed or we would go round the twist keeping paper lists of addresses! 😉
