Is eBay actually supporting phishing?

From time to time I wonder if these guys (I am thinking of eBay, PayPal, Amazon, some banks) are actually trying to help phishers do their “jobs”.

The email you see in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”.

“Dear <user>, you have not updated your personal data for more than a year. In order to keep your personal data up to date, help us to protect your eBay account better.” Sounds good, right? “Please check your personal eBay information and make sure that it is up to date. Please ignore this message if you have updated your data recently.”

 

Same as 99.99% of the phishing emails.

I couldn’t believe my eyes either, so I checked the headers of the email:

[Image: ebay-real-headers]

 

Needless to say, this is against their own policies, described in German at http://pages.ebay.de/help/account/recognizing-spoof.html and in English at http://pages.ebay.com/help/account/recognizing-spoof.html

[Image: ebay-sec]

This is the link behind the button: http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc=https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL

It is true that their email:

  • addresses me personally, using my eBay account
  • is not urgent and is not threatening
  • doesn’t have attachments, but it has pictures

But there are some elements that make it very suspicious:

  • The link they use is not ebay.de but ebay.com
  • They use a redirect from http to https
  • They are asking me to visit a website to validate my information
  • They are not using my first and last name
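
The points about the link can be checked mechanically. The following is an added example, not code from the original post: it unwraps the `loc` parameter of the link quoted above and reports the wrapper host, the scheme and the final target. The function names and the naive two-label domain comparison are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Link behind the button, copied from the post.
LINK = ("http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc="
        "https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL")


def base_domain(host):
    # Naive assumption: the last two labels form the domain. Fine for
    # ebay.de / ebay.com, wrong for suffixes such as co.uk, where a real
    # tool would consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze_link(url, expected_domain, redirect_param="loc"):
    """Unwrap a redirect-style link and list what a cautious recipient would notice."""
    outer = urlsplit(url)
    findings = []
    if outer.scheme != "https":
        findings.append("wrapper link is not https")
    if base_domain(outer.hostname or "") != expected_domain:
        findings.append(f"wrapper host {outer.hostname} is not on {expected_domain}")
    # parse_qs percent-decodes the value, so the nested URL comes back readable.
    targets = parse_qs(outer.query).get(redirect_param, [])
    if not targets:
        return {"wrapper": outer.hostname, "target": None, "findings": findings}
    findings.append("link redirects through a wrapper before reaching the target")
    inner = urlsplit(targets[0])
    if inner.scheme != "https":
        findings.append("redirect target is not https")
    if base_domain(inner.hostname or "") != expected_domain:
        findings.append(f"redirect target {inner.hostname} is not on {expected_domain}")
    return {"wrapper": outer.hostname, "target": targets[0], "findings": findings}


if __name__ == "__main__":
    result = analyze_link(LINK, "ebay.de")
    print("wrapper:", result["wrapper"])
    print("target: ", result["target"])
    for finding in result["findings"]:
        print(" -", finding)
```

Run against the link from the email with `ebay.de` as the expected domain, it flags the plain-http wrapper, the `ebay.com` wrapper host and the redirect, while the decoded target itself is an https page on `reg.ebay.de`.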

 

Of course, as usual, I have forwarded the email as an attachment to spoof@ebay.com to see what they have to say about their email.

 


© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working in the IT Security industry since 2000 and worked between 2003 and 2014 for Avira as Product Manager for the known products used by over 100 million users worldwide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He also runs his personal blog, Sorin Mustaca on Cybersecurity, and is the author of the free eBook Improve your security.
