Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have reminded
computer users to be wary of phishing scams following the discovery
of a scam that tries to steal usernames and passwords off eBay
users by claiming the giant auction website will close for business
on 27 February.
The emails claim that eBay has decided to shut down its business
at the end of next month, and is asking users to vote on whether
they disagree with the decision. The email claims that 50% of eBay
members are required to say that they want eBay to stay open,
otherwise it will be closed permanently.
The email reads:
Dear eBay Community:
We have decided to close eBay on 27 February 2007 due to the
repeatedly abuses on our company. We ask your opinion on this
matter and we want to know if you agree with us or disagree .Below
you can make your choice.
If you want eBay to stay open click YES otherwise click NO
.Your opinion is very important to us. If 50% of the eBay members
vote positive eBay stays open otherwise it will be closed.
However, clicking on either of the links takes the user to a
phishing website which poses as eBay, and is designed to steal
usernames and passwords from users. Sophos has determined that the
phishing website is hosted on a hacked server belonging to a UK
"It's unlikely that anyone would really believe that such a
successful website as eBay is considering shutting its doors for
business, but they might think it is a teaser campaign by the
auction giant for some other kind of promotion," said Graham Cluley, senior
technology consultant for Sophos. "This isn't the most
sophisticated phishing campaign in the world, but it could still
result in the unwary handing their account details over to hackers
who could then use them to make fraudulent purchases and commit
other identity crimes."
Last year Sophos revealed
that over 75% of all phishing emails were targeted at customers of
eBay and PayPal.
eBay, like Sophos, is a member of the Anti-Phishing Working
Group (APWG), an organization dedicated to wiping out internet
scams and fraud. eBay has published tutorials on how to spot
phishing emails on its website:
Sophos continues to recommend that all organizations protect
their email with an integrated security
solution to thwart spam, spyware and malware threats.