From time to time I wonder whether these guys (I am thinking of eBay, PayPal, Amazon, some banks) are actually trying to help phishers do their “jobs”.
The email you see in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”.
“Dear <user>, you have not updated your personal data for more than a year. In order to have your personal data up to date, help us to protect your eBay account better.” Sounds good, right? “Please check your personal eBay information and make sure that it is up to date. Please ignore this message if you have updated your data recently.”
Same as 99.99% of the phishing emails.
I couldn’t believe my eyes either, so I checked the headers of the email:
Needless to say, this is against their own policies, described in German at http://pages.ebay.de/help/account/recognizing-spoof.html and in English at http://pages.ebay.com/help/account/recognizing-spoof.html
This is the link behind the button: http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc=https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL
It is true that their email:
- addresses me personally, using my eBay account
- is not urgent and is not threatening
- doesn’t have attachments, but it has pictures
But there are some elements that make it very suspicious:
- The link they use is not ebay.de but ebay.com
- They use a redirect from http to https
- They are asking me to visit a website to validate my information
- They are not using my first and last name
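The link-related points in the list above can be checked mechanically. The following is an added example, not part of the original post: it applies them to the rover link quoted earlier, and the function names and the `expected_domain` argument are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# The tracking link quoted in the post (behind the button in the email).
LINK = ("http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc="
        "https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL")

def embedded_targets(url):
    """Return (parameter, URL) pairs for absolute URLs carried in the query."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    targets = []
    for name, values in query.items():
        for value in values:  # parse_qs has already percent-decoded the value
            parts = urlsplit(value)
            if parts.scheme in ("http", "https") and parts.hostname:
                targets.append((name, value))
    return targets

def check_link(url, expected_domain):
    """List the link properties the post calls suspicious.

    expected_domain is the site the mail claims to come from
    (assumption: the reader supplies it, here "ebay.de").
    """
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append(f"link is sent over {parts.scheme}, not https")
    if not (host == expected_domain or host.endswith("." + expected_domain)):
        findings.append(f"link host {host} is not under {expected_domain}")
    for name, target in embedded_targets(url):
        t = urlsplit(target)
        findings.append(f"parameter '{name}' redirects to {t.scheme}://{t.hostname}")
        if t.scheme != parts.scheme:
            findings.append(f"scheme changes from {parts.scheme} to {t.scheme}")
    return findings

if __name__ == "__main__":
    for finding in check_link(LINK, "ebay.de"):
        print("-", finding)
```

A direct https link to the destination under ebay.de produces no findings with the same check.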
Of course, as usual, I have forwarded the email as an attachment to email@example.com to see what they have to say about their email.
© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity