Is eBay actually supporting phishing?

From time to time I am wondering if these guys (I am thinking at eBay, PayPal, Amazon, some banks) are actually trying to help phishers to do their “jobs”. The email you seen in the screenshot is a 100% authentic email from eBay Germany. I am being asked, you guessed right, to “protect my eBay account”. “Dear <user>, you have not updated your personal data since more than a year. In order to have your personal data up to date, help us to protect your eBay account better”. Sounds good, right? Please check your personal ebay information and make sure that they are up to date. Please ignore this message if you have updated your data recently.”   Same as 99.99% of the phishing emails. I couldn’t believe my eyes either, so I checked the headers of the email:   Useless to say, this is against their own policies mentioned here in German http://pages.ebay.de/help/account/recognizing-spoof.html and in English here http://pages.ebay.com/help/account/recognizing-spoof.html This is the link behind the button: http://rover.ebay.com/rover/0/e13217.m.l7678/7?euid=&loc=https%3A%2F%2Freg.ebay.de%2Freg%2FUpdateContactInfo%3Fflow%3DEMAIL It is true that their email is: addressing me personally, using my eBay account is not urgent, is not threatening it doesn’t have attachments, but it has pictures but, there are some elements that make…

No Image

Quoted in SecurityWeek.com about the eBay data breach

eBay, Security Experts Say Database Dump is Fake By Eduard Kovacs on May 23, 2014 It’s uncertain who is behind the attack, but other cybercriminals and scammers are already trying to profit from the incident. Experts have reported seeing a higher number of PayPal and eBay phishing attacks, (links to this blog) and, a post on Pastebin was found offering to sell 145,312,663 eBay customer records for 1.453 Bitcoin (around $750). “What I find very distressful is the fact that the breach occurred 2 months ago and they found out just two weeks ago,” IT security expert Sorin Mustaca told SecurityWeek.   As far as disclosing information about the incident, Mustaca noted, “eBay is very careful in what they disclose because they are afraid of being sued. And indeed, I’ve seen in the media that there are already some attempts to sue them over their practices in what the security of the network is concerned.”

No Image

Phishing attempts making use of the eBay data breach

I wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbers, birth dates and encrpyted passwords were obtained. eBay started a campaign to reset the password of all their users. More information is available in their FAQ. Unfortunately, the breach occurred some time ago (between February and March this year) and this gave time to the hackers to already make use of the data. eBay communicated that the breach was discovered two weeks ago, but why they didn’t disclose the fact earlier it is not yet clear. There are already reports in the media that several spam waves are being sent containing  phishing  attempts that are impersonating eBay. Some of the emails contain an attached HTML form where the user is addressed with full name, email address and postal address. The recipient is urged to change his password due to the data breach and also requested credit card details. Obviously, the hackers didn’t even bother to crack the hashed passwords, they have started a targeted attack against the eBay users. An official email from eBay is containing: – the name as provided in the eBay account (nickname) – the full name…

No Image

How to change your password on eBay after the security breach

eBay informed customers to change their passwords after a security breach. Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers. The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today. The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.     Here is how to change your password 1. Login to eBay 2. Click on your user name on the top left corner and choose “Account Settings” 3….

No Image

Bug or feature: Mime Type Detection

Also known as MIME Sniffing, this is a feature or bug in IE which is the only browser able to dynamically determine the content type of the document it loads. So, in this case, it detects a plain text document with HTML content instead of a an JPG header. And the content of the “JPG” file which is text/html: The URL was reported to Phishtank and CleanMX. The users of Avira Professional and Avira Premium Security Suite are protected if they use the latest Webguard signatures.

%d bloggers like this: